Trojaner-Board


aloukat 26.04.2013 16:02

e.ligatus.com 34088 Popup
 
Hello everyone, I have the following problem, similar to the one in this thread:



My Firefox keeps opening this link; it pops up every few hours...

hxxp://e.ligatus.com/LigatusFallback.gif?ids=34088

My antivirus program (AVAST) did not find anything, and I simply cannot get rid of this error.

As described in the other thread, I have already run adwcleaner and TFC.exe.

I am attaching those logs as well as the one from Malwarebytes.

Malwarebytes_LOG:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Fabio :: Fabio-PC [Administrator]

26.04.2013 16:58:26
mbam-log-2013-04-26 (16-58-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241379
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



adwcleaner.txt:
Code:

# AdwCleaner v2.202 - Datei am 26/04/2013 um 16:35:06 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Fabio - Fabio-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Fabio\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Fabio\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Fabio\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Fabio\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SocialBit
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1118 octets] - [26/04/2013 16:35:06]

########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########

dds.txt:
DDS Logfile:
Code:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Fabio at 16:43:52 on 2013-04-26
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2347 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoSimpleNetIDList = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C} : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A} : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-10 23:55; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 21:02; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-03-15 21:02; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-03-19 19:30; tabutils@ithinc.cn; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-7 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-7 377920]
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2010-1-20 332688]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-11 45248]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-22 492032]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2012-7-20 2635776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-22 3560288]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2012-2-22 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2012-2-22 157288]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 178624]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-9-16 45664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-3-23 4774208]
S3 vpcuxd;USB-Virtualisierungsstubdienst;C:\Windows\System32\drivers\vpcuxd.sys [2013-1-28 16384]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-25 03:06:18        1656680        ----a-w-        C:\Windows\System32\drivers\ntfs.sys
2013-04-23 22:42:51        9317456        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\mpengine.dll
2013-04-23 10:41:18        --------        d-----w-        C:\Program Files (x86)\Common Files\Adobe Systems Shared
2013-04-23 10:38:47        --------        d-----w-        C:\PS2
2013-04-23 01:57:43        --------        d-----w-        C:\Program Files\iConvert
2013-04-23 01:45:55        151552        ----a-w-        C:\Windows\SysWow64\nvRegDev.dll
2013-04-23 01:45:46        61440        ----a-w-        C:\Windows\SysWow64\nvPhotoshopUtil.dll
2013-04-23 01:45:46        40960        ----a-w-        C:\Windows\SysWow64\nvISWOW64.dll
2013-04-23 01:45:45        729088        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-04-23 01:45:45        69715        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-04-23 01:45:45        5632        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-04-23 01:45:45        266240        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-04-23 01:45:45        192512        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-04-23 01:45:45        188548        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-04-23 01:45:44        311428        ----a-w-        C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-04-23 01:39:37        --------        d-----w-        C:\Users\Fabio\AppData\Local\fontconfig
2013-04-23 01:39:33        --------        d-----w-        C:\Users\Fabio\AppData\Local\gegl-0.2
2013-04-23 01:39:33        --------        d-----w-        C:\Users\Fabio\.gimp-2.8
2013-04-23 01:37:24        --------        d-----w-        C:\Program Files\GIMP 2
2013-04-15 19:29:15        --------        d-sh--w-        C:\Windows\ftpcache
2013-04-15 19:11:41        --------        d-----w-        C:\Program Files (x86)\Activision
2013-04-09 17:57:38        3153408        ----a-w-        C:\Windows\System32\win32k.sys
2013-04-09 17:56:12        223752        ----a-w-        C:\Windows\System32\drivers\fvevol.sys
2013-04-09 17:56:06        5550424        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-04-09 17:56:04        3913560        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2013-04-09 17:56:03        3968856        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-09 17:56:02        112640        ----a-w-        C:\Windows\System32\smss.exe
2013-04-09 17:56:01        6656        ----a-w-        C:\Windows\SysWow64\apisetschema.dll
2013-04-09 17:56:01        43520        ----a-w-        C:\Windows\System32\csrsrv.dll
2013-03-31 00:58:09        --------        d-sh--w-        C:\$RECYCLE.BIN
2013-03-30 22:14:46        --------        d-----w-        C:\Users\Fabio\AppData\Roaming\Malwarebytes
2013-03-30 22:14:26        --------        d-----w-        C:\ProgramData\Malwarebytes
2013-03-29 17:51:03        --------        d-----w-        C:\Program Files (x86)\Microsoft WSE
2013-03-29 17:50:49        --------        d-----w-        C:\ProgramData\Netzmanager
2013-03-29 17:50:49        --------        d-----w-        C:\Program Files\Netzmanager
2013-03-29 17:50:42        --------        dc-h--w-        C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-03-29 17:23:24        --------        d-----w-        C:\Users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
.
==================== Find3M  ====================
.
2013-04-24 23:37:16        214520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-24 23:37:16        214520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2013-04-24 20:15:27        214520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-12 17:37:32        71048        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:37:32        691592        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 21:52:11        16486616        ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 23:10:56        282744        ------w-        C:\Windows\System32\MpSigStub.exe
2013-03-06 23:33:21        70992        ----a-w-        C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21        65336        ----a-w-        C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 23:33:21        178624        ----a-w-        C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 23:33:21        1025808        ----a-w-        C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20        80816        ----a-w-        C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51        41664        ----a-w-        C:\Windows\avastSS.scr
2013-03-06 18:26:54        861088        ----a-w-        C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 18:26:54        782240        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2013-03-04 11:55:04        37704        ----a-w-        C:\Windows\System32\VNCpm.dll
2013-03-04 11:55:00        4608        ----a-w-        C:\Windows\System32\drivers\vncmirror.sys
2013-03-04 11:55:00        26112        ----a-w-        C:\Windows\System32\vncmirror.dll
2013-02-25 23:32:38        1814304        ----a-w-        C:\Windows\System32\nvdispco64.dll
2013-02-25 23:32:32        1510176        ----a-w-        C:\Windows\System32\nvdispgenco64.dll
2013-02-21 10:30:16        1766912        ----a-w-        C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39        2877440        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37        61440        ----a-w-        C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37        109056        ----a-w-        C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07        2240512        ----a-w-        C:\Windows\System32\wininet.dll
2013-02-21 10:14:09        3958784        ----a-w-        C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05        67072        ----a-w-        C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05        136704        ----a-w-        C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03        2706432        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14        2706432        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53        71680        ----a-w-        C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18        89600        ----a-w-        C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24        135168        ----a-w-        C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22        350208        ----a-w-        C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22        308736        ----a-w-        C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22        111104        ----a-w-        C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31        474112        ----a-w-        C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26        2176512        ----a-w-        C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05        19968        ----a-w-        C:\Windows\System32\drivers\usb8023.sys
2013-02-10 01:04:31        6393120        ----a-w-        C:\Windows\System32\nvcpl.dll
2013-02-10 01:04:31        3472672        ----a-w-        C:\Windows\System32\nvsvc64.dll
2013-02-10 01:04:29        877856        ----a-w-        C:\Windows\System32\nvvsvc.exe
2013-02-10 01:04:29        63776        ----a-w-        C:\Windows\System32\nvshext.dll
2013-02-10 01:04:29        2555680        ----a-w-        C:\Windows\System32\nvsvcr.dll
2013-02-10 01:04:29        237856        ----a-w-        C:\Windows\System32\nvmctray.dll
2013-02-09 17:43:52        555808        ----a-w-        C:\Windows\SysWow64\nvStreaming.exe
2013-02-09 13:25:36        3035306        ----a-w-        C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 16:44:28,73 ===============

--- --- ---


attach.txt
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06.08.2012 20:38:57
System Uptime: 26.04.2013 16:36:55 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P41T-D3
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 400 GiB total, 292,677 GiB free.
D: is FIXED (NTFS) - 531 GiB total, 230,098 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e969-e325-11ce-bfc1-08002be10318}
Description: Standard-Diskettenlaufwerkcontroller
Device ID: ACPI\PNP0700\4&226211B3&0
Manufacturer: (Standard-Diskettenlaufwerkcontroller)
Name: Standard-Diskettenlaufwerkcontroller
PNP Device ID: ACPI\PNP0700\4&226211B3&0
Service: fdc
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&15E70C52&0&00E1
Manufacturer: Realtek
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&15E70C52&0&00E1
Service: RTL8167
.
==== System Restore Points ===================
.
RP106: 22.03.2013 20:12:29 - Windows Update
RP107: 26.04.2013 16:28:32 - TuneUp Utilities 2013 wird entfernt
RP108: 26.04.2013 16:29:23 - TuneUp Utilities Language Pack (de-DE) wird entfernt
RP109: 26.04.2013 16:30:58 - Removed Java 7 Update 17
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.6) - Deutsch
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.83
Audacity 2.0.2
avast! Free Antivirus
Bigfoot Networks Killer Network Manager
Bonjour
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MP Navigator EX 1.0
Canon MX310 series
Counter-Strike: Global Offensive
Counter-Strike: Source
Dropbox
Free YouTube Download version 3.2.1.320
Free YouTube to MP3 Converter version 3.12.0.128
iCloud
ICQ7M
IrfanView (remove only)
iTunes
LAME v3.99.3 (for Windows)
Last.fm Scrobbler 2.1.35
Logitech Gaming Software
Logitech Gaming Software 8.30
ManiaPlanet
Mediencenter 3.6.0.1202
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 de)
MSI PLC Utility
Need for Speed™ Most Wanted
Netzmanager
Notepad++
NVIDIA 3D Vision Controller-Treiber 314.07
NVIDIA 3D Vision Treiber 314.07
NVIDIA Grafiktreiber 314.07
NVIDIA HD-Audiotreiber 1.3.23.1
NVIDIA Install Application
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 314.07
NVIDIA Update 1.12.12
NVIDIA Update Components
Origin
Paint.NET v3.5.10
PDF-Viewer
Protect Disc License Helper 1.0.118
ProtectDisc Driver, Version 11
PunkBuster Services
QuickTime
Safari
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.2
Steam
TeamSpeak 3 Client
TeamViewer 8
TmUnitedForever Update 2010-03-15
Tom Clancy's Ghost Recon Future Soldier
TrackMania United 0.2.0.8
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Uplay
VLC media player 2.0.6
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.5
VNC Viewer 5.0.5
WifiAmp Version 2.0.0
Winamp
Winamp Erkennungs-Plug-in
Windows XP Mode
WinPcap 4.1.2
WinRAR 4.20 (64-Bit)
WinSCP 4.3.9
XAMPP 1.8.0
ZERO-G
.
==== End Of File ===========================

Thanks a lot in advance, and I hope you can help me.
Best regards, Aloukat

M-K-D-B 26.04.2013 16:28

Hello!

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can sometimes involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved on the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.







Step 1

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 2
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.






Please post with your next reply
  • the JRT log file,
  • the ComboFix log file.

aloukat 26.04.2013 18:17

OK, here are the two logs:


JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Professional x64
Ran by Fabio on 26.04.2013 at 18:45:00,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2013 at 18:49:03,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix:

Code:

ComboFix 13-04-26.01 - Fabio 26.04.2013  18:51:42.3.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.1983 [GMT 2:00]
ausgeführt von:: d:\users\Fabio\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-26 17:00 . 2013-04-26 17:00        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-04-26 17:00 . 2013-04-26 17:00        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-04-26 17:00 . 2013-04-26 17:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-04-26 15:51 . 2013-04-26 15:51        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\offreg.dll
2013-04-26 15:43 . 2013-04-26 15:43        --------        d-----w-        c:\windows\ERUNT
2013-04-26 15:42 . 2013-04-26 16:44        --------        d-----w-        C:\JRT
2013-04-26 15:19 . 2013-04-26 15:19        --------        d-----w-        c:\program files (x86)\ESET
2013-04-26 14:52 . 2013-04-26 14:52        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-26 14:52 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-04-25 03:06 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-23 22:42 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\mpengine.dll
2013-04-23 10:41 . 2013-04-23 10:41        --------        d-----w-        c:\program files (x86)\Common Files\Adobe Systems Shared
2013-04-23 10:38 . 2013-04-23 10:38        --------        d-----w-        C:\PS2
2013-04-23 01:57 . 2013-04-23 01:58        --------        d-----w-        c:\program files\iConvert
2013-04-23 01:45 . 2013-04-23 11:39        151552        ----a-w-        c:\windows\SysWow64\nvRegDev.dll
2013-04-15 19:29 . 2013-04-15 19:29        --------        d-sh--w-        c:\windows\ftpcache
2013-04-15 19:11 . 2013-04-15 19:11        --------        d-----w-        c:\program files (x86)\Activision
2013-04-09 17:57 . 2013-02-21 10:14        19230208        ----a-w-        c:\windows\system32\mshtml.dll
2013-04-09 17:57 . 2013-03-01 03:36        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-04-09 17:56 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-04-09 17:56 . 2013-03-19 06:04        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 17:56 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe
2013-04-09 17:56 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-09 17:56 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-04-02 20:51 . 2013-04-03 17:21        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-03-30 22:14 . 2013-03-30 22:14        --------        d-----w-        c:\users\Fabio\AppData\Roaming\Malwarebytes
2013-03-30 22:14 . 2013-03-30 22:14        --------        d-----w-        c:\programdata\Malwarebytes
2013-03-29 17:51 . 2013-03-29 17:51        --------        d-----w-        c:\program files (x86)\Microsoft WSE
2013-03-29 17:50 . 2013-03-29 17:57        --------        d-----w-        c:\programdata\Netzmanager
2013-03-29 17:50 . 2013-03-29 17:50        --------        d-----w-        c:\program files\Netzmanager
2013-03-29 17:50 . 2013-04-01 02:57        --------        dc-h--w-        c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-03-29 17:23 . 2013-04-08 22:00        --------        d-----w-        c:\users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
2013-03-29 17:02 . 2013-03-29 17:03        --------        d-----w-        c:\program files (x86)\Safari
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 23:37 . 2012-11-01 13:16        214520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-04-24 23:37 . 2012-10-31 23:40        214520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-04-24 20:15 . 2012-10-31 23:40        214520        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-04-12 17:37 . 2012-08-07 19:13        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:37 . 2012-08-07 19:13        691592        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-09 17:59 . 2012-08-07 01:11        72702784        ----a-w-        c:\windows\system32\MRT.exe
2013-03-14 23:11 . 2013-03-14 23:11        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-03-14 23:11 . 2013-03-14 23:11        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-03-14 23:11 . 2013-03-14 23:11        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-03-14 23:11 . 2013-03-14 23:11        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-03-14 23:11 . 2013-03-14 23:11        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-03-14 23:11 . 2013-03-14 23:11        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-03-14 23:11 . 2013-03-14 23:11        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 23:11 . 2013-03-14 23:11        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 23:11 . 2013-03-14 23:11        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-03-14 23:11 . 2013-03-14 23:11        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-03-14 23:11 . 2013-03-14 23:11        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-03-14 23:11 . 2013-03-14 23:11        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-03-14 23:11 . 2013-03-14 23:11        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-03-14 23:11 . 2013-03-14 23:11        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-03-14 23:11 . 2013-03-14 23:11        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-03-14 23:11 . 2013-03-14 23:11        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-03-14 23:11 . 2013-03-14 23:11        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-03-14 23:11 . 2013-03-14 23:11        441856        ----a-w-        c:\windows\system32\html.iec
2013-03-14 23:11 . 2013-03-14 23:11        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-03-14 23:11 . 2013-03-14 23:11        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-03-14 23:11 . 2013-03-14 23:11        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-03-14 23:11 . 2013-03-14 23:11        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-14 23:11 . 2013-03-14 23:11        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-03-14 23:11 . 2013-03-14 23:11        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-03-14 23:11 . 2013-03-14 23:11        235008        ----a-w-        c:\windows\system32\url.dll
2013-03-14 23:11 . 2013-03-14 23:11        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-03-14 23:11 . 2013-03-14 23:11        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-03-14 23:11 . 2013-03-14 23:11        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-03-14 23:11 . 2013-03-14 23:11        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-03-14 23:11 . 2013-03-14 23:11        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-03-14 23:11 . 2013-03-14 23:11        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-03-14 23:11 . 2013-03-14 23:11        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-03-14 23:11 . 2013-03-14 23:11        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-03-14 23:11 . 2013-03-14 23:11        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-03-14 23:11 . 2013-03-14 23:11        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-03-14 23:11 . 2013-03-14 23:11        149504        ----a-w-        c:\windows\system32\occache.dll
2013-03-14 23:11 . 2013-03-14 23:11        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-03-14 23:11 . 2013-03-14 23:11        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-03-14 23:11 . 2013-03-14 23:11        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-03-14 23:11 . 2013-03-14 23:11        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-03-14 23:11 . 2013-03-14 23:11        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-03-14 23:11 . 2013-03-14 23:11        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-03-14 23:11 . 2013-03-14 23:11        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-03-14 23:11 . 2013-03-14 23:11        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-03-14 23:11 . 2013-03-14 23:11        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-03-14 23:11 . 2013-03-14 23:11        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-03-14 23:11 . 2013-03-14 23:11        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 23:11 . 2013-03-14 23:11        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 23:11 . 2013-03-14 23:11        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-03-13 21:52 . 2012-08-14 17:52        16486616        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 23:10 . 2012-08-06 18:55        282744        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-03-03 15:46        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-03 15:46        178624        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-08-07 20:27        377920        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-08-07 20:27        70992        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-08-07 20:27        68920        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-08-07 20:27        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-08-07 20:27        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-08-07 20:27        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-08-07 20:26        41664        ----a-w-        c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-08-07 20:27        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-03-06 18:26 . 2012-09-07 11:47        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 18:26 . 2012-09-07 11:47        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-04 11:55 . 2013-03-23 19:16        37704        ----a-w-        c:\windows\system32\VNCpm.dll
2013-03-04 11:55 . 2013-03-23 19:16        4608        ----a-w-        c:\windows\system32\drivers\vncmirror.sys
2013-03-04 11:55 . 2013-03-23 19:16        26112        ----a-w-        c:\windows\system32\vncmirror.dll
2013-02-25 23:32 . 2012-02-09 20:43        1814304        ----a-w-        c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-09-25 20:11        1510176        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2013-02-12 05:45 . 2013-03-13 20:35        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:35        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:35        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:35        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:35        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:35        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 23:09        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-22 19:29        963776        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-03-22 19:29        7569184        ----a-w-        c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-03-22 19:29        6267240        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-03-22 19:29        20534560        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-03-22 19:29        11040544        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2013-03-22 19:28        9422672        ----a-w-        c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-03-22 19:28        7964680        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-03-22 19:28        2911008        ----a-w-        c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-03-22 19:28        2726176        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-03-22 19:28        25256736        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-03-22 19:28        250504        ----a-w-        c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-03-22 19:28        2350368        ----a-w-        c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-22 19:28        205184        ----a-w-        c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-03-22 19:28        1990944        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-22 19:28        1807136        ----a-w-        c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-22 19:28        17987192        ----a-w-        c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-03-22 19:28        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2013-03-22 19:28        1510176        ----a-w-        c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2012-10-10 20:22        15038296        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Socialbit_Winamp_Server"="c:\program files (x86)\WifiAmp\WifiAmp Server.exe" [2011-12-28 418816]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Networks Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2012-2-22 564224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 aswVmm;aswVmm; [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [2013-03-04 4774208]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-01-20 332688]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-02-22 492032]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2012-02-22 31336]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2012-02-22 157288]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2012-12-13 16:30        558592        ----a-w-        c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2012-12-13 16:30        558592        ----a-w-        c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2012-12-13 16:30        558592        ----a-w-        c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: youporn.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - ExtSQL: 2013-03-10 23:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 21:02; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-03-15 21:02; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-03-19 19:30; tabutils@ithinc.cn; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-26  19:12:20
ComboFix-quarantined-files.txt  2013-04-26 17:12
.
Vor Suchlauf: 13 Verzeichnis(se), 313.824.137.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 313.303.470.080 Bytes frei
.
- - End Of File - - A56A9FC2E32F9328F70FB666B8924DFD


M-K-D-B 27.04.2013 09:52

Hi,

Step 1
Please download ZOEK to your desktop and start it.
  • Click Options
  • Check:
    • Firefox Defaults
    • Auto Clean
  • Click Run Script and wait until the program has finished.
  • At the end it creates a log file (also here: c:\zoek-results.txt)
Post this log file for me.

Step 2
Please start OTL.exe.
Under "Extra Registrierung" (Extra Registry), select "Benutze Safe List" (Use SafeList) and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.

Are there still problems with "e.ligatus.com" in Firefox?

With your next reply, please post
  • the ZOEK log file,
  • the two OTL log files,
  • the answer to the question asked.

aloukat 29.04.2013 20:26

OTL.txt
Code:

OTL logfile created on: 27.04.2013 13:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,35% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 291,69 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 229,99 Gb Free Space | 43,28% Space Free | Partition Type: NTFS
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\WifiAmp\OpenCvSharp.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (vncserver) -- C:\Programme\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Bigfoot Networks Killer Service) -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BFN7x64) -- C:\Windows\SysNative\drivers\Xeno7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (BfEdge7x64) -- C:\Windows\SysNative\drivers\Edge7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 95 93 C8 DF 1C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.6
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.31
FF - prefs.js..extensions.enabledAddons: tabutils%40ithinc.cn:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.11 00:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 22:01:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.02 22:51:06 | 000,000,000 | ---D | M]
 
[2013.03.15 22:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2013.04.19 18:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\kk4m4oj0.default\extensions
[2013.03.15 22:02:28 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.03.19 20:30:07 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
[2013.04.19 18:35:19 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.03.15 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 00:55:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.22 15:14:36 | 000,000,965 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youporn.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 13:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Temp
[2013.04.27 13:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.26 18:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 18:19:00 | 005,059,946 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:43:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.26 17:42:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 17:42:39 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT.exe
[2013.04.26 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.26 17:16:24 | 002,347,384 | ---- | C] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 16:52:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.26 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.26 16:49:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:09 | 000,700,783 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.23 13:17:13 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Updater
[2013.04.23 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.04.23 12:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.04.23 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.04.23 12:38:47 | 000,000,000 | ---D | C] -- C:\PS2
[2013.04.23 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\iConvert
[2013.04.23 03:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.23 03:50:44 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.04.23 03:39:37 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\fontconfig
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\gegl-0.2
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\.gimp-2.8
[2013.04.23 03:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.23 03:18:55 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Carskin
[2013.04.17 22:55:27 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Backup
[2013.04.17 22:28:53 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\TM2
[2013.04.15 21:29:15 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.04.15 21:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.04.15 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.04.09 19:58:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.09 19:58:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.09 19:58:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.09 19:58:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.09 19:58:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.09 19:58:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.09 19:58:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.09 19:58:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.09 19:58:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.09 19:58:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.09 19:58:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.09 19:58:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.09 19:58:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.09 19:58:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.09 19:58:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.09 19:56:06 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 19:56:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.09 19:56:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.09 19:56:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.09 19:56:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.09 19:56:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.02 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.01 01:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDS Converter 2
[2013.03.31 17:52:28 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Shootmania
[2013.03.31 00:14:46 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Malwarebytes
[2013.03.31 00:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.29 19:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Netzmanager
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2013.03.29 19:50:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2013.03.29 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
[2013.03.29 19:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 13:22:01 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 13:22:01 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 13:14:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.27 13:09:20 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.27 13:07:04 | 001,273,277 | ---- | M] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.27 12:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 23:40:13 | 000,082,344 | ---- | M] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.26 20:44:55 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
[2013.04.26 18:18:52 | 005,059,946 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:41:18 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT.exe
[2013.04.26 17:16:26 | 002,347,384 | ---- | M] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 16:49:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:12 | 000,700,783 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:10 | 000,448,512 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.26 16:32:39 | 000,619,461 | ---- | M] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | M] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 22:15:27 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 19:51:10 | 000,461,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 18:59:43 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2013.04.23 13:39:35 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 13:35:15 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 13:35:14 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.23 12:41:36 | 000,001,391 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.22 18:24:04 | 000,139,976 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.22 18:23:18 | 000,282,825 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.22 15:14:36 | 000,000,965 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.22 15:14:36 | 000,000,964 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013.04.19 20:53:01 | 000,117,342 | ---- | M] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 21:16:02 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.15 21:16:02 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.15 21:15:58 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini
[2013.04.15 16:20:04 | 000,000,132 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.04.12 19:37:32 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 19:37:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 23:51:19 | 001,460,661 | ---- | M] () -- D:\Users\Fabio\Desktop\Polo_Schwarz.jpg
[2013.04.05 23:58:27 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 23:58:27 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 23:58:27 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 23:58:27 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 23:58:27 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 01:10:59 | 000,001,362 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 19:50:51 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.29 00:04:11 | 000,001,057 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 00:03:49 | 000,000,939 | ---- | M] () -- D:\Users\Fabio\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.27 13:13:20 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:06:48 | 001,273,277 | ---- | C] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 16:32:33 | 000,619,461 | ---- | C] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | C] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.23 12:42:04 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.04.23 12:41:36 | 000,001,391 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.23 12:41:17 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.04.23 12:40:47 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.04.23 12:40:47 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.04.23 03:45:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 03:45:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 03:45:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.22 18:23:17 | 000,282,825 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.21 22:43:37 | 000,139,976 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.21 21:14:56 | 000,082,344 | ---- | C] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.19 20:53:01 | 000,117,342 | ---- | C] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 21:16:02 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.15 21:16:02 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.15 21:15:58 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2013.04.03 01:10:59 | 000,001,362 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 20:21:07 | 000,001,028 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
[2013.03.29 19:50:51 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.29 19:03:02 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013.02.10 20:22:30 | 000,000,132 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.02.09 22:24:50 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.09 17:04:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 17:04:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 17:04:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 17:04:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 17:04:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 12:01:13 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2013.01.26 11:51:06 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2012.11.09 00:30:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.11.01 01:40:51 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.01 01:40:49 | 003,233,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.01 01:40:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 00:01:09 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2012.08.08 23:20:23 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt:
Code:

OTL Extras logfile created on: 27.04.2013 13:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,35% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 291,69 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 229,99 Gb Free Space | 43,28% Space Free | Partition Type: NTFS
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DBA877-2B2E-4A1A-BBCD-0758CB14F240}" = lport=3389 | protocol=6 | dir=in | app=system |
"{02E34D0D-2ACE-4436-B95D-52679CB1E026}" = lport=137 | protocol=17 | dir=in | app=system |
"{11A057C1-8817-46D0-B3CF-882486D5ECAC}" = lport=138 | protocol=17 | dir=in | app=system |
"{316042AB-D94D-4C8C-A62F-B9F9006AACB1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{37AD8634-2F48-4944-8176-E8499FF746A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{380BC82B-7017-406D-8A48-616232899F7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3EA5EDA7-521C-4194-9B39-90E2AAEC919A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EE07359-51DD-4BD5-BD09-5D6FD2BEBF7C}" = rport=138 | protocol=17 | dir=out | app=system |
"{54DF3397-D46A-442B-A057-025F345042FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{710B951C-4BCA-419F-B458-4ADCC8C8988D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CCA44CC-6426-4B36-AB7C-0CB3A3A8A483}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DD06B29-5858-49C8-AA9B-F5F0B2ED8D40}" = rport=445 | protocol=6 | dir=out | app=system |
"{7DFD4795-63F3-4D56-928D-C1B51C4F59F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BB2ECBAF-6C3A-4A0B-AEF9-DB44ED7D7EDA}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0D0FC49-2DC8-4869-BD3A-CFD3D0431C9C}" = rport=137 | protocol=17 | dir=out | app=system |
"{D363D8F3-6833-4750-9FF8-C4E7D2393145}" = lport=445 | protocol=6 | dir=in | app=system |
"{E61D3CDA-224E-4F4B-B305-C3875C85FF85}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F8B454DD-7B98-4A6D-8DD5-CF9E26A80EF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B2FC2F-D051-4ED7-93A7-BB90D1830C0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B5A54D9-3612-455B-94E2-E068D4E66AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{13754E8B-AE8D-44D6-8578-EA4D7BD30DFA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{139C5D4D-ABE8-42A0-80BE-BC6AB0BD02D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{13FCC3DD-94F0-47BB-BD24-46263912CF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1940F3C3-E55A-49FC-99F7-06263D930E1F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1CDBBF2D-7EA9-47BD-BC26-E54FA970F36E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{206D63FE-3B3F-4635-8A9E-2A622807B007}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{27FBF07B-6C53-4161-9410-E7EEBF94ABF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29DD692D-51CE-41AE-A949-51B26A9A7A0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{359DDD32-9642-424D-B987-A29770A6258C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36E507F2-99A4-4DBE-9CBC-F9736D372390}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3AB607EB-629D-48FC-AC41-681678CD63D9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe |
"{3B130ECA-180B-44F4-A582-E54FE4165969}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4E5E7988-098E-4CC0-BE9A-6BABD0C990BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4E625574-A656-47C3-8EAF-12CE19D1D6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{563492CB-4AB0-40D2-88BA-B297B885E219}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe |
"{5A5D7A33-2185-48FD-8160-14BFD0F188B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{604AD541-EDDB-446A-89C2-357EED3B39DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66466249-A304-4AAA-BD7E-EC176920DBF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76553249-3394-47AC-BD77-363AD17CA0E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F4E764C-712A-451B-B2DA-F35E786F135A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D3DD1A9-5402-45F7-A7FE-5900D75F4180}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{93433208-B6D2-4933-83D6-428E7472F20C}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe |
"{97A2ED78-1D30-4899-A856-8E37DEF908A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99ABC424-A26D-4C92-A1A5-74700767E35C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{9F210811-18BA-4DAC-B489-2758294E0298}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A37170B6-06F3-4D24-AB63-55A5995954DA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{ACC99F29-BF0E-4D38-9CE0-36CFB7017369}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{AF85A867-15DB-4DF3-8619-C87ECA9524B0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{B07C961D-7B29-4922-9800-34CD2F0D4422}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B973A505-BC68-44B2-B3D3-292C63D85EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BC467A10-591E-443D-AE63-6297DEA55FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C054A801-26FA-431A-A940-184708FCA23B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C82E17CE-203F-4643-864E-C6E7C1D6EA82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C9D249EB-1EF0-4262-813E-21C3DE2839A3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe |
"{CFF29247-EA8B-4685-B648-D59BCD2BDFB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DB83E3E9-AFA3-467F-A7F1-50E9BDB80591}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DFB61872-D864-4322-8B5E-DE5454D75D29}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E36C8477-C2E3-4B0F-A042-D2EBEA20FF1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4909985-78FD-4E73-BE9F-21803A9F8B05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7EBA883-9166-4638-A529-E113BBBEF648}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EDB830B1-E5C4-40F8-842C-C01E778E777D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F589661F-60BF-49E3-A7AC-526748AE95AC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{FBC32940-627B-4E1F-98FD-12FDE2E376A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{03B431BA-9898-4370-BC9D-E00836A7ACD1}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"TCP Query User{1ED8DF34-DE39-4F09-BFBA-CC29BEA8282B}G:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"TCP Query User{1FE46B1D-886D-406E-92BD-08F21D4FB331}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"TCP Query User{22324E7F-61C4-4909-982E-CD464E138AB3}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"TCP Query User{242527E0-D864-42B3-8483-4FC3775BC466}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3C6751BB-859C-4DDA-8905-E794116FCE49}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"TCP Query User{4DA236ED-2A45-43D3-9137-3C45880B13F8}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"TCP Query User{57FC41FD-CE6B-434A-A1A7-FEC088D038A1}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe |
"TCP Query User{617D5E94-1F72-492E-934D-5D09E9EA8E24}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"TCP Query User{6B532BE5-493E-41BF-941F-7DC236AC0548}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"TCP Query User{735BFB86-B5BB-4FC4-BE29-93123B3926E1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{89D86BE3-CEA2-49A6-B956-7EABAA6A0F45}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{9450C8D4-395B-462E-B974-9C6691F6D5DC}G:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"TCP Query User{9480224F-5F93-4309-84F1-77321CA7848B}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe |
"TCP Query User{B9F272B3-0A7A-42C8-9F47-273C8AA2EF33}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C3CC5A83-8A41-4F62-AE3F-6120470AA3BA}G:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"TCP Query User{DBE14D10-F477-40B8-B83E-1CA9A8F0D8A7}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"TCP Query User{EC3F42A1-89D7-4043-ADB5-28F5F93845E3}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{EDC5029A-4AE8-4EDA-B378-9A22C3FE32BC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{05785A86-9D50-4C05-B05F-B860E40A041B}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"UDP Query User{091C84D1-0A74-4E90-8F14-A156421564BB}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe |
"UDP Query User{20C8FF66-10A3-43BE-BF64-FAD5DD4A4660}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"UDP Query User{287C93FF-3F65-4C4E-B5DF-6A6551FECA9A}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe |
"UDP Query User{3D9904F1-298E-407D-970D-A0215EE55D38}G:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe |
"UDP Query User{3FE1FFA1-E70E-4316-9A5A-42883FD0424D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6950DE41-DA64-49D1-971F-85994CFDE4FC}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7399C382-FE80-460B-9917-C84DAB182BCB}G:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"UDP Query User{861EA591-C3CB-4BEE-AA1E-F4EB433BF455}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{893E07C7-46B4-4FDB-985B-9A3316BD8BC5}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"UDP Query User{B266F40C-36E2-4D30-A3A4-6DAFCA1BC764}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"UDP Query User{BE103C6A-73D2-4F0D-A0C6-5BBACB09A1E2}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"UDP Query User{D12296F4-B3E6-4D9C-A203-115D948AEBFC}G:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe |
"UDP Query User{D9AC2076-D272-4753-99AB-49A58925BBAD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{DA5BC5EE-CF94-4F78-8923-EECAE9FFF751}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{DB5AD1A4-B908-477B-A802-022155515030}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"UDP Query User{EF93FB3C-C2AE-4590-BA20-1FA947672763}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{EFADE744-6BC1-4EFD-B454-83CBFF7B2BD4}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe |
"UDP Query User{F46D154F-3E7E-43CB-8AED-8AF47574885C}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"RealVNC_is1" = VNC Server 5.0.5
"RealVNCViewer_is1" = VNC Viewer 5.0.5
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1195C431-C98F-495C-B609-3390515FA22E}_is1" = WifiAmp Version 2.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2D6AE055-FC94-4E0F-9EB1-5250B850B707}" = ZERO-G
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50B55DD-1015-401C-95D0-58175473F174}" = MSI PLC Utility
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.9
"xampp" = XAMPP 1.8.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mediencenter" = Mediencenter 3.6.0.1202
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2013 21:07:52 | Computer Name = Fabio-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_169.exe,
 Version: 11.7.700.169, Zeitstempel: 0x5155fb9a  Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_169.exe,
 Version: 11.7.700.169, Zeitstempel: 0x5155fb9a  Ausnahmecode: 0x40000015  Fehleroffset:
 0x00017930  ID des fehlerhaften Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung:
 0x01ce42bd0c2887c0  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
Berichtskennung:
 e25962dc-aed6-11e2-9925-880201d22c15
 
Error - 27.04.2013 07:02:29 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.04.2013 07:02:33 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Last.fm\ext_messengernotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.04.2013 07:02:33 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Last.fm\ext_skypenotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.04.2013 07:04:10 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "d:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 26.04.2013 12:49:50 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.04.2013 12:54:32 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.04.2013 13:00:25 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.04.2013 06:15:23 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst nvsvc erreicht.
 
 
< End of report >

zoek-results
Code:

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Fabio on 27.04.2013 at 13:09:23,91.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

Deleted from C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://go.microsoft.com/fwlink/?LinkId=69157");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- Tab Utilities - %ProfilePath%\extensions\tabutils@ithinc.cn.xpi
- Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default
F7E72D3A281F922BACEC1A71A826D4C2        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -        Shockwave Flash
D4BD9F86123C87ECA570418B69326F99        - C:\Windows\SysWOW64\npDeployJava1.dll -        Java Deployment Toolkit 7.0.170.2
5CFAE4C01C044DCC77771E46E2B3544A        - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll -        PDF-XChange Viewer
15E298B5EC5B89C5994A59863969D9FF        - C:\Windows\SysWOW64\npmproxy.dll -        Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07.03.2013 01:29]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Fabio\AppData\Local\Mozilla\Firefox\Profiles\kk4m4oj0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Fabio\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied


The error still persists.

M-K-D-B 30.04.2013 09:50

Hi,

since when exactly (date!) has this problem existed?
Does the problem occur only in Firefox?

There are new versions of AdwCleaner and JRT. We will try those, among other things.




Step 1
  • Start adwcleaner.exe with a double-click.
  • Click Uninstall ("Deinstallation").
  • Confirm with Yes ("Ja").





Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Delete the existing JRT from your desktop. We will use a new version:

Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.






Step 5
Download SystemLook by jpshortstuff from the following mirror and save the tool on the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *ligatus*

    :folderfind
    *ligatus*

    :regfind
    ligatus

  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan is finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.





In your next reply, please post
  • the answers to the questions asked,
  • the AdwCleaner log file,
  • the JRT log file,
  • the OTL log file,
  • the SystemLook log file.

aloukat 30.04.2013 15:21

SystemLook:
Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:28 on 30/04/2013 by Fabio
Administrator - Elevation successful

========== filefind ==========

Searching for "*ligatus*"
No files found.

========== folderfind ==========

Searching for "*ligatus*"
No folders found.

========== regfind ==========

Searching for "ligatus"
No data found.

-= EOF =-

ADW Cleaner:
Code:

# AdwCleaner v2.300 - Datei am 30/04/2013 um 15:08:23 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Fabio - Fabio-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Fabio\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\SocialBit

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js

C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1247 octets] - [26/04/2013 16:35:06]
AdwCleaner[S2].txt - [931 octets] - [30/04/2013 15:08:23]

########## EOF - C:\AdwCleaner[S2].txt - [990 octets] ##########

JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Professional x64
Ran by Fabio on 30.04.2013 at 15:14:46,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.04.2013 at 15:19:32,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL:
Code:

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fabio
->Temp folder emptied: 34474083 bytes
->Temporary Internet Files folder emptied: 6112448 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8903107 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2738 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 610000590 bytes
 
Total Files Cleaned = 629,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_152336

Files\Folders moved on Reboot...
C:\Users\Fabio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


The problem has existed since 23/24.04.13. I first tried to get rid of it with Avast & Co., but unfortunately that did not help.

Is it possible that a website is the cause? I noticed that when I work with only this one tab (the other tabs not loaded, i.e. in the background), the problem does not occur as often. But when I have several tabs actively loaded, it occurs more often. However, the other tabs are all trustworthy ones, such as club sites, league sites, sites for my server, community sites, bank.

M-K-D-B 30.04.2013 16:42

Hi,


Quote:

Quote from aloukat (post 1054287)
Is it possible that a website is the cause? I noticed that when I work with only this one tab (the other tabs not loaded, i.e. in the background), the problem does not occur as often. But when I have several tabs actively loaded, it occurs more often. However, the other tabs are all trustworthy ones, such as club sites, league sites, sites for my server, community sites, bank.

It could well be that a website is the cause.... hmm.

I have one more idea:
  • Open Firefox.
  • Enter about:config in the address bar and press Enter.
  • Confirm the security prompt with "Ich werde vorsichtig sein, versprochen!" ("I'll be careful, I promise!").
  • Enter ligatus in the search bar.
  • Are any entries displayed?
    If so, what are these entries called (preference name/status/type/value)?
  • Close Firefox again.
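
The about:config search in the post above shows merged preference values. As an added example (not part of the original thread), this script runs the same search offline over the text of prefs.js and user.js and reports which file each hit comes from, since user.js is re-applied over prefs.js at every start. The sample file contents are constructed (one line is copied from the log posted earlier in the thread) and ligatus.example.invalid is a placeholder host.

```python
import re
from typing import NamedTuple

# One preference line as Firefox writes it: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')
# http(s) URLs, also in the defanged hxxp form used in the posted logs.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://", re.IGNORECASE)


class Pref(NamedTuple):
    source: str    # file the winning line came from
    name: str
    value: object  # bool, int or str


def _parse_value(raw):
    """Turn the literal after the comma into a Python value."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # drop backslash escapes
    return raw


def parse_prefs(text, source):
    """Return every user_pref() line in text; all other lines are ignored."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append(Pref(source, m.group(1), _parse_value(m.group(2))))
    return prefs


def effective_prefs(prefs_js, user_js):
    """Merge both files; a name set in user.js replaces the prefs.js value."""
    merged = {}
    for pref in parse_prefs(prefs_js, "prefs.js") + parse_prefs(user_js, "user.js"):
        merged[pref.name] = pref
    return merged


def search(merged, term):
    """Preferences whose name or string value contains term (case-insensitive)."""
    t = term.lower()
    hits = [p for p in merged.values()
            if t in p.name.lower()
            or (isinstance(p.value, str) and t in p.value.lower())]
    return sorted(hits, key=lambda p: p.name)


def url_prefs(merged):
    """Preferences that point the browser at a web address, for manual review."""
    hits = [p for p in merged.values()
            if isinstance(p.value, str) and URL_RE.search(p.value)]
    return sorted(hits, key=lambda p: p.name)


# Constructed sample input, not taken from the user's machine.
SAMPLE_PREFS_JS = '''\
// constructed sample of a prefs.js
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.newtab.url", "about:newtab");
user_pref("network.proxy.type", 0);
'''

# First line as in the log posted in the thread, second line constructed.
SAMPLE_USER_JS = '''\
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.startup.homepage", "http://ligatus.example.invalid/start");
'''

if __name__ == "__main__":
    merged = effective_prefs(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for p in search(merged, "ligatus"):
        print(f"match  {p.source:9} {p.name} = {p.value!r}")
    for p in url_prefs(merged):
        print(f"url    {p.source:9} {p.name} = {p.value!r}")
```

A hit whose source is user.js comes back after every manual change in about:config until that file is removed or edited.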

aloukat 30.04.2013 16:57

Hi,

so there is no entry with ligatus in the config.

However, it has not appeared today yet; the last time was yesterday.
I will now keep observing (since you too seem to be slowly running out of ideas) when exactly the popup appears.

M-K-D-B 30.04.2013 17:01

Hi,


surf a little with Firefox and let me know again tomorrow.
If the problem is still there then, I have another idea.

aloukat 01.05.2013 22:28

The error still persists, it just appeared. However, while setting up Teamspeak.

M-K-D-B 02.05.2013 10:09

Quote:

Quote from aloukat (post 1054999)
The error still persists, it just appeared. However, while setting up Teamspeak.

While setting up Firefox, a pop-up popped up in Firefox?



  • Start Firefox
  • Click Firefox > Help > Troubleshooting Information
  • Click Reset Firefox
  • Finally, click Finish
    Illustrated guide



Let me know whether the pop-up still comes after that.

aloukat 02.05.2013 10:29

While setting up Teamspeak (a voice chat tool), Firefox simply "jumped" to the foreground with the popup as a new tab (as if I had clicked a hyperlink, which was definitely not the case).

Should I reset Firefox anyway?

M-K-D-B 02.05.2013 10:34

Quote:

Quote from aloukat (post 1055141)
Should I reset Firefox anyway?

Yes, please do. And afterwards post a new OTL log file and report how Firefox is running. :)

aloukat 02.05.2013 16:26

So the error has not occurred yet, but I currently have another PC problem where I am stuck. My Internet has been totally slow since today. After numerous speed tests, I am currently getting a maximum download of 200 KB/s (in between also 0.0 kb/s or 0.5 kb/s) instead of 14,000 kb/s. For everyone else in the family everything runs completely normally, with the full 15,000 kb/s.
Could it be that whatever I caught is considerably blocking my Internet connection?

Code:

OTL logfile created on: 02.05.2013 17:08:19 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,67% Memory free
8,00 Gb Paging File | 5,80 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 295,69 Gb Free Space | 73,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 230,17 Gb Free Space | 43,31% Space Free | Partition Type: NTFS
Drive E: | 3,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (vncserver) -- C:\Programme\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Bigfoot Networks Killer Service) -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BFN7x64) -- C:\Windows\SysNative\drivers\Xeno7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (BfEdge7x64) -- C:\Windows\SysNative\drivers\Edge7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 95 93 C8 DF 1C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.11 00:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 12:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.02 22:51:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 12:18:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.15 22:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2013.05.02 11:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\bpkjxz0n.default-1367487577688\extensions
[2013.05.02 11:52:13 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\bpkjxz0n.default-1367487577688\extensions\tabutils@ithinc.cn.xpi
[2013.05.02 11:40:29 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\bpkjxz0n.default-1367487577688\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.05.02 12:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.02 12:18:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.22 15:14:36 | 000,000,965 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youporn.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.06.14 03:40:45 | 000,000,145 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.02 11:39:43 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Alte Firefox-Daten
[2013.04.30 15:13:39 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT(1).exe
[2013.04.30 15:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.27 18:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.04.27 18:09:08 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\players
[2013.04.27 16:54:10 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.27 16:54:09 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.27 16:54:08 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.27 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.27 16:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.04.27 13:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Temp
[2013.04.27 13:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.26 18:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 18:19:00 | 005,059,946 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:43:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.26 17:42:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.26 17:16:24 | 002,347,384 | ---- | C] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 16:52:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.26 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.26 16:49:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:09 | 000,700,783 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.23 13:17:13 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Updater
[2013.04.23 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.04.23 12:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.04.23 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.04.23 12:38:47 | 000,000,000 | ---D | C] -- C:\PS2
[2013.04.23 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\iConvert
[2013.04.23 03:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.23 03:50:44 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.04.23 03:39:37 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\fontconfig
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\gegl-0.2
[2013.04.23 03:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.23 03:18:55 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Carskin
[2013.04.17 22:55:27 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Backup
[2013.04.17 22:28:53 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\TM2
[2013.04.15 21:29:15 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.04.15 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.04.02 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 17:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 17:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 17:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 00:39:51 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2013.05.01 19:59:45 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
[2013.04.30 15:27:25 | 000,165,376 | ---- | M] () -- D:\Users\Fabio\Desktop\SystemLook_x64.exe
[2013.04.30 15:13:44 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT(1).exe
[2013.04.30 15:07:00 | 000,628,743 | ---- | M] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.27 18:15:43 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.27 18:15:43 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.27 18:15:42 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini
[2013.04.27 16:54:04 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.27 16:54:04 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.27 13:09:20 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.27 13:07:04 | 001,273,277 | ---- | M] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 23:40:13 | 000,082,344 | ---- | M] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.26 18:18:52 | 005,059,946 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:16:26 | 002,347,384 | ---- | M] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 16:49:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:12 | 000,700,783 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:10 | 000,448,512 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | M] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 23:56:50 | 000,077,592 | ---- | M] () -- C:\Windows\SysNative\ladfGSRCoinst_amd64.dll
[2013.04.24 22:15:27 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 19:51:10 | 000,461,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 13:39:35 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 13:35:15 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 13:35:14 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.23 12:41:36 | 000,001,391 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.22 18:24:04 | 000,139,976 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.22 18:23:18 | 000,282,825 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.22 15:14:36 | 000,000,965 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.22 15:14:36 | 000,000,964 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013.04.19 20:53:01 | 000,117,342 | ---- | M] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 16:20:04 | 000,000,132 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.04.11 23:51:19 | 001,460,661 | ---- | M] () -- D:\Users\Fabio\Desktop\Polo_Schwarz.jpg
[2013.04.05 23:58:27 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 23:58:27 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 23:58:27 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 23:58:27 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 23:58:27 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 01:10:59 | 000,001,362 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.30 15:27:24 | 000,165,376 | ---- | C] () -- D:\Users\Fabio\Desktop\SystemLook_x64.exe
[2013.04.30 15:06:54 | 000,628,743 | ---- | C] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.27 18:15:43 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.27 18:15:43 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.27 18:15:42 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2013.04.27 16:54:04 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.27 16:54:04 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.27 16:54:04 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.27 13:13:20 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:06:48 | 001,273,277 | ---- | C] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.25 19:16:50 | 000,024,209 | ---- | C] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.24 23:56:50 | 000,077,592 | ---- | C] () -- C:\Windows\SysNative\ladfGSRCoinst_amd64.dll
[2013.04.23 12:42:04 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.04.23 12:41:36 | 000,001,391 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.23 12:41:17 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.04.23 12:40:47 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.04.23 12:40:47 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.04.23 03:45:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 03:45:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 03:45:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.22 18:23:17 | 000,282,825 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.21 22:43:37 | 000,139,976 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.21 21:14:56 | 000,082,344 | ---- | C] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.19 20:53:01 | 000,117,342 | ---- | C] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.03 01:10:59 | 000,001,362 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.02.10 20:22:30 | 000,000,132 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.02.09 22:24:50 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.09 17:04:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 17:04:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 17:04:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 17:04:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 17:04:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 12:01:13 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2013.01.26 11:51:06 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2012.11.09 00:30:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.11.01 01:40:51 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.01 01:40:49 | 003,233,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.01 01:40:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 00:01:09 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2012.08.08 23:20:23 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.02 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Ashampoo
[2012.09.28 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Audacity
[2013.02.03 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Canon
[2013.05.02 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Dropbox
[2013.03.23 03:13:29 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DVDVideoSoft
[2013.03.21 21:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\GHISLER
[2013.05.02 16:28:38 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\ICQ
[2013.02.10 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\iFunbox_UserCache
[2012.08.13 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\IrfanView
[2012.08.07 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Leadertech
[2012.08.09 20:27:22 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Notepad++
[2012.11.07 21:49:50 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Origin
[2012.11.21 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\ProtectDISC
[2013.04.22 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\redsn0w
[2012.11.09 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Softland
[2013.04.03 00:59:30 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TeamViewer
[2012.09.24 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Telekom
[2012.08.08 23:20:51 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Thunderbird
[2013.05.02 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TS3Client
[2012.09.25 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TuneUp Software
[2012.11.01 01:32:15 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >


M-K-D-B 02.05.2013 17:29

Hello,

Hmm. That thing with the connection is odd.

You can get infected on sites like that too...
Quote:

O15 - HKCU\..Trusted Domains: youporn.com ([www] * in Vertrauenswürdige Sites)


Let's take a look at the services:

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.



aloukat 02.05.2013 17:38

Even though probably everyone writes this, I did NOT add that entry, precisely because I am aware that such sites are not the safest. I have now removed it right away.

Code:

Farbar Service Scanner Version: 14-04-2013
Ran by Fabio (administrator) on 02-05-2013 at 18:35:56
Running from "D:\Users\Fabio\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


M-K-D-B 02.05.2013 18:14

Hello,

That looks OK. Still having problems with ligatus.com?

Open Firefox.
Click Firefox -> Add-ons -> Extensions
Please list the names of all extensions for me.

Why is the Windows Firewall off?

aloukat 02.05.2013 18:38

It was actually always on... I have now re-enabled it.

Plugins:
Sitzungs-manager
Tab Utilities (disabled)

(The error has not occurred again so far, but I have not yet found any timing pattern; it comes back every now and then, but it also only shows a white 1x1 pixel.)

M-K-D-B 02.05.2013 18:40

Hello,

Let's check everything once more:

Step 1
  • Start Malwarebytes' Anti-Malware, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS window.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

Please post with your next reply
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.

aloukat 03.05.2013 10:32

malwarebytes:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Fabio :: Fabio-PC [Administrator]

02.05.2013 22:40:29
mbam-log-2013-05-02 (22-40-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243535
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f5a3463278dcda4f8d934e4b3e8725e8
# engine=13705
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-26 04:42:20
# local_time=2013-04-26 06:42:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 3968101 143704412 0 0
# compatibility_mode=5893 16776573 100 94 7556 118624390 0 0
# scanned=292066
# found=1
# cleaned=0
# scan_time=4903
sh=1E535583B55FE4933691110432AC975FF7DD01B6 ft=1 fh=53c0fb1e92f73673 vn="IRC/Randon.BT worm" ac=I fn="D:\Users\Fabio\Downloads\nirc2009.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f5a3463278dcda4f8d934e4b3e8725e8
# engine=13743
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-02 11:37:55
# local_time=2013-05-03 01:37:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 4507836 144247747 0 0
# compatibility_mode=5893 16776573 100 94 57516 119167725 0 0
# scanned=303282
# found=1
# cleaned=0
# scan_time=10326
sh=1E535583B55FE4933691110432AC975FF7DD01B6 ft=1 fh=53c0fb1e92f73673 vn="IRC/Randon.BT worm" ac=I fn="D:\Users\Fabio\Downloads\nirc2009.exe"

Security Check:
Code:

Results of screen317's Security Check version 0.99.62 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 TuneUp Utilities 2013 
 TuneUp Utilities Language Pack (de-DE)
 Adobe Flash Player 11.7.700.169 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (20.0.1)
 Mozilla Thunderbird (17.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 ESET ESET Online Scanner OnlineScannerApp.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
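
Added example (not part of the thread or of any participant's post): a parser for the ESET Online Scanner log.txt layout quoted in the post above, which groups a detection that repeats across runs appended to the same file. The sample log is constructed with a placeholder hash, detection name and path, and reading `found` and `cleaned` as per-run counts is an assumption based on the field names.

```python
import re

# Constructed sample in the layout of the ESET log.txt quoted above: two runs
# appended to one file. Hash, detection name and path are placeholders.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# archives_checked=false
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Example/Detection.A worm" ac=I fn="D:\Users\example\Downloads\sample.exe"
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# archives_checked=true
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Example/Detection.A worm" ac=I fn="D:\Users\example\Downloads\sample.exe"
'''

RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_runs(text):
    """Split the log into runs, each with '# key=value' headers and detection records."""
    runs = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == RUN_MARKER:
            runs.append({"header": {}, "detections": []})
        elif not runs or not line:
            continue
        elif line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # Some keys (compatibility_mode in the quoted log) repeat, so keep lists.
            runs[-1]["header"].setdefault(key, []).append(value)
        elif line.startswith("sh="):
            rec = {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
                   for m in FIELD.finditer(line)}
            runs[-1]["detections"].append(rec)
    return runs

def outstanding(runs):
    """Group detections by (SHA-1, path) for runs that cleaned fewer items than they found."""
    seen = {}
    for number, run in enumerate(runs, 1):
        header = run["header"]
        found = int(header.get("found", ["0"])[-1])
        cleaned = int(header.get("cleaned", ["0"])[-1])
        if cleaned >= found:
            continue
        for det in run["detections"]:
            entry = seen.setdefault((det["sh"].upper(), det["fn"]),
                                    {"name": det["vn"], "runs": []})
            entry["runs"].append(number)
    return seen
```

Calling `outstanding(parse_runs(text))` on a real log.txt shows at a glance whether later scans are still reporting the same file that an earlier scan left in place.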


M-K-D-B 03.05.2013 15:25

Hi,

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:files
D:\Users\Fabio\Downloads\nirc2009.exe

:Commands
[reboot]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread


Did the pop-up come back?

aloukat 03.05.2013 16:01

I ran it, but no log file appeared afterwards... Neither on the desktop nor in any folder.

I then ran it again without the reboot, and then this log file appeared (so after the second run),
but the file no longer exists in the folder either (not even hidden)
Code:

========== FILES ==========
File\Folder D:\Users\Fabio\Downloads\nirc2009.exe not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 05032013_165913


M-K-D-B 03.05.2013 16:05

Hi,

OK. Did the pop-up in Firefox come back?

aloukat 06.05.2013 17:30

Hi,

so far the error has not occurred again.

And regarding the slow internet, I have by now narrowed the problem down to Avast's Web Shield. When I switch it off I get full speed. Is it possible that some Trojan/worm/virus has nested itself in Avast?

M-K-D-B 06.05.2013 19:29

Hi,

Quote:

Quote from aloukat (post 1057088)
And regarding the slow internet, I have by now narrowed the problem down to Avast's Web Shield. When I switch it off I get full speed. Is it possible that some Trojan/worm/virus has nested itself in Avast?

this is the first time I have heard of a problem with Avast's Web Shield.

No malware has nested itself there. ;)
It could be a problem with another program...






If you have no more problems, then we are done here. Your log files are clean. :daumenhoc
Finally, we need to take a few concluding steps to clean up and secure your PC.


I see that you have a so-called registry cleaner on your system.
In your case TuneUp Utilities 2013
TuneUp Utilities Language Pack (de-DE)
.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is quite simple:

The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.
A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

I hereby recommend that you uninstall the software named above and do without this kind of software in future.
At the end I will recommend a different tool with which you can remove your temporary files.










Step 1
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Software / Uninstall programs --> Adobe Reader
and download the new version from here.
Untick the box for McAfee SecurityScan or Google Chrome.


Step 2
If used, start DeFogger and click Re-enable.
Your computer may need to be restarted.


Step 3
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.
  • DelFix removes, among other things, all the programs used and finally deletes itself.
  • If any programs that we used are still present, please delete them by hand.





Step 4
Finally, I have a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure that you only ever have one antivirus program installed and that it is up to date!


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.


Performance
Clean up your temp files regularly. I recommend TFC for this


Stay away from registry cleaners.
They harm your system more than they help. Here is a link in English:
Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.

Now all that remains is for me to wish you lots of fun surfing safely.


Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

aloukat 06.05.2013 19:43

Right now it's coming up again :(

Before I started on the list, and while working with Office...

M-K-D-B 07.05.2013 16:09

Hi,

I'll ask internally whether anyone else has an idea. :)

EDIT:

Does this pop-up appear ONLY in Firefox, or also in Internet Explorer?


Please also run the following and post the log file:


Download HitmanPro (64 Bit) to your desktop.
  • Start HitmanPro.exe.
  • Click Next twice.
  • At the end of the scan, have any findings removed.
  • In the next window, choose Save log file and save the log file to your desktop.
  • Post the HitmanPro_<Datum_Uhrzeit>.txt with your next reply.


In addition, another user reports >> here << that the problem may be caused by ICQ.
Try uninstalling ICQ on your machine and see whether that helps. ;)

aloukat 07.05.2013 17:49

Yes, it only opens in Firefox (but not always when surfing with Firefox), although Firefox is also the default browser.

I will test the ICQ thing; I can't say right now whether ICQ was running every time. But I will do it and keep an eye on it.

Here is the Hitman log for now:
Code:

HitmanPro 3.7.3.194
www.hitmanpro.com

  Computer name . . . . : Fabio-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Fabio-PC\Fabio
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-05-07 18:41:31
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 37s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 2
  Traces  . . . . . . . : 12

  Objects scanned . . . : 1.633.133
  Files scanned . . . . : 33.837
  Remnants scanned  . . : 491.220 files / 1.108.076 keys

Suspicious files ____________________________________________________________

  C:\Users\Fabio\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\wc002278.dll
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 187.1 days (2012-11-01 15:14:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabio\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\wc002289.dll
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 187.7 days (2012-11-01 01:32:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabio\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 187.1 days (2012-11-01 15:14:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabio\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
      Size . . . . . . . : 972.501 bytes
      Age  . . . . . . . : 187.1 days (2012-11-01 15:14:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


Malware remnants ____________________________________________________________

  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ (Trojan.FakeAV)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ (Trojan.FakeAV)

Cookies _____________________________________________________________________

  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\1E94RRU3.txt
  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\5AE11VU6.txt
  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\A4OTLV1B.txt
  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\HA0D5XIN.txt
  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\XQJXOC9E.txt
  C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Cookies\Z7HOS6R1.txt


M-K-D-B 08.05.2013 18:49

Hi,

Hitman only found insignificant remnants.

Uninstall ICQ and see whether the problem still occurs. If not, you should consider switching to a different messenger.

If the problem no longer occurs, you can carry out my last instructions from here.

M-K-D-B 10.05.2013 15:42

I am glad that we were able to help :abklatsch:

In this forum you can leave brief feedback on the cleanup, if you wish:
Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much! :)

This topic appears to be resolved and will be removed from my subscriptions. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.

