Trojaner-Board (https://www.trojaner-board.de/) - Log Analysis and Evaluation
Skype virus (https://www.trojaner-board.de/135319-skype-virus.html)

busa 21.05.2013 19:51

Skype virus
 
Hello, my girlfriend received a link on Skype today from an acquaintance and tried to open it. Now everyone is getting an error message. Out of fear that it would keep going, she removed Skype from the computer. Now I'd like to know, since this is a virus, whether the matter is resolved with that, or whether the problem will be back when she reinstalls Skype. And if the problem does come back, what can I do about it? Oh, I forgot to mention: her antivirus program also shows a message about Worm:win32/dorkbot, in case that helps.

aharonov 21.05.2013 21:38

Hi,

this box is definitely infected.
If you want your computer checked for malware, please work through these instructions and post the corresponding log files.

busa 21.05.2013 23:44

Here are the files again.

aharonov 21.05.2013 23:47

Could you please not attach the log files (that makes the evaluation much harder for me), but paste their contents directly inside code tags: [code]log file contents[/code].
Thanks.

busa 21.05.2013 23:52

Now I'm totally confused. I don't really know much about computers, sorry, so now I don't understand anything anymore.

aharonov 21.05.2013 23:56

OK, never mind, leave it. But attach the OTL.txt again as a zip file and not as *.7z.

busa 21.05.2013 23:57

Code:

OTL logfile created on: 21.05.2013 23:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free
12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012.01.14 02:31:49 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll뀀;㶉噯 佃䑎䥕ㅾ䐮䱌 File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PokerStars] C:\Users\user\Documents\PokerStars\PokerStars.scr File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe ()
O4 - HKCU..\Run: [Integrated Driver] C:\Users\user\AppData\Roaming\Mozilla\winmgr.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PokerStars = C:\Users\user\Documents\PokerStars\PokerStars.scr
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: PokerStars - C:\Users\user\Documents\PokerStars\PokerStars.scr - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.08.13 19:56:20 | 000,183,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 02:52:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 02:52:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 02:52:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 02:52:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 02:52:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 02:52:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 02:52:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 02:52:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 02:52:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 02:52:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 02:52:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 02:52:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 02:52:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 02:52:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 02:52:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 12:00:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 12:00:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 12:00:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 12:00:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 12:00:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 12:00:15 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 12:00:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 23:26:11 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.14 21:39:04 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:39:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.21 23:37:12 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 23:26:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.21 23:24:30 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 23:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 23:24:09 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 22:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.21 22:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 22:23:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\4619.exe
[2013.05.21 22:08:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\8866.exe
[2013.05.21 21:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\CC0A.exe
[2013.05.21 21:38:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\FBE.exe
[2013.05.21 21:23:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\5373.exe
[2013.05.21 21:08:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\96AA.exe
[2013.05.21 20:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\DA2F.exe
[2013.05.21 20:38:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\1596.exe
[2013.05.21 20:33:27 | 000,071,680 | ---- | M] () -- C:\ProgramData\FA2A.exe
[2013.05.21 20:18:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\3B8D.exe
[2013.05.21 20:10:02 | 000,071,680 | ---- | M] () -- C:\ProgramData\DF4B.exe
[2013.05.21 19:54:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\1CB6.exe
[2013.05.21 19:39:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\602C.exe
[2013.05.21 19:33:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\F0FD.exe
[2013.05.21 19:18:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\3359.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 23:26:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 23:26:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 23:26:12 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 21:38:57 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.14 21:38:55 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:38:54 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.05.14 21:38:54 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.21 22:23:30 | 000,071,680 | ---- | C] () -- C:\ProgramData\4619.exe
[2013.05.21 22:08:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\8866.exe
[2013.05.21 21:53:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\CC0A.exe
[2013.05.21 21:38:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\FBE.exe
[2013.05.21 21:23:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\5373.exe
[2013.05.21 21:08:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\96AA.exe
[2013.05.21 20:53:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\DA2F.exe
[2013.05.21 20:38:27 | 000,071,680 | ---- | C] () -- C:\ProgramData\1596.exe
[2013.05.21 20:33:25 | 000,071,680 | ---- | C] () -- C:\ProgramData\FA2A.exe
[2013.05.21 20:18:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\3B8D.exe
[2013.05.21 20:09:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\DF4B.exe
[2013.05.21 19:54:55 | 000,071,680 | ---- | C] () -- C:\ProgramData\1CB6.exe
[2013.05.21 19:39:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\602C.exe
[2013.05.21 19:33:37 | 000,071,680 | ---- | C] () -- C:\ProgramData\F0FD.exe
[2013.05.21 19:18:36 | 000,071,680 | ---- | C] () -- C:\ProgramData\3359.exe
[2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >


aharonov 21.05.2013 23:58

Great, that's exactly what I meant.

busa 21.05.2013 23:59

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 23:50:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                      fffff800033ac000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                      fffff800033ac02f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan                                                                        0000000077959604 39 bytes [40, 53, 48, 83, EC, 30, 80, ...]
.text    C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan + 40                                                                    000000007795962c 1 byte [F8]
.text    C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                  0000000072bb1a22 2 bytes [BB, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                  0000000072bb1ad0 2 bytes [BB, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                  0000000072bb1b08 2 bytes [BB, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                  0000000072bb1bba 2 bytes [BB, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                  0000000072bb1bda 2 bytes [BB, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076221465 2 bytes [22, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076221465 2 bytes [22, 76]
.text    C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076221465 2 bytes [22, 76]
.text    C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076221465 2 bytes [22, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2
.text    C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076221465 2 bytes [22, 76]
.text    C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000762214bb 2 bytes [22, 76]
.text    ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Explorer.EXE [1732:3412]                                                                                                      00000000056548b0
Thread    C:\Windows\Explorer.EXE [1732:3416]                                                                                                      00000000056557a0
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4900]                                                                          000007fefbce2a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4908]                                                                          000007fee34ed618

---- EOF - GMER 2.1 ----

Code:

OTL Extras logfile created on: 21.05.2013 23:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free
12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4319:TCP" = 4319:TCP:*:Enabled:Remote Assistance Local
"5812:TCP" = 5812:TCP:*:Enabled:Remote Assistance Remote
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024490DC-DC56-4DAA-B9B2-80B58BDE029D}" = lport=58530 | protocol=6 | dir=in | name=pando media booster |
"{037E821B-841F-4C69-BCA0-A344E27572A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{0425BCDF-08A4-4C21-93E6-41815451C7AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{071DABEE-402B-4869-AC3F-DECF8D04B1E5}" = lport=58530 | protocol=17 | dir=in | name=pando media booster |
"{2AED87C9-9501-41A9-9040-F5FD8F0C5C83}" = lport=58530 | protocol=6 | dir=in | name=pando media booster |
"{3151696E-65EE-4812-B02B-A94F64D58C68}" = lport=58445 | protocol=17 | dir=in | name=pando media booster |
"{348CEBFA-508A-4C67-AF5D-676816B5D1B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{37CBFEF5-19DF-4EA0-A1BC-86BFE13C3C31}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{4C98CBB7-C520-46D8-A420-EF2F9D87F4CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E461E35-1595-4996-B831-ACE266F73D0E}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\tools\launcher.exe |
"{570D004B-D1B4-4409-8D25-6003847CB302}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{580D1AC6-E965-4910-A65B-4982102AE3B0}" = lport=49235 | protocol=6 | dir=in | name=akamai netsession interface |
"{587D5537-350C-4E39-AC82-3A9F3EA6EF02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5C5B287C-DE35-41D8-8FCC-27AAEE4C6D20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E54C900-9577-4D5F-9EFD-7D7B3AE8911F}" = rport=138 | protocol=17 | dir=out | app=system |
"{656C6A7D-3BD3-410E-80DF-90472221CDF4}" = rport=445 | protocol=6 | dir=out | app=system |
"{732BA7A7-49A0-4D42-BBBB-4D5C53ADAF5F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7AB9F357-13A4-4A23-BD35-D62834F1CE08}" = lport=56544 | protocol=17 | dir=in | name=pando media booster |
"{7FAE09BE-6193-4E45-9996-578C220AD82E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{859E2FD3-54DA-451A-ACCE-B548B1159B84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{863A9064-953F-40B5-A55A-967BB4557B97}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F435-049A-429A-8B08-F63773F09C3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87F0099B-0E30-4A38-B4FA-60FA768203BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E440427-780D-49C7-9735-CCDD81EB665A}" = lport=58445 | protocol=6 | dir=in | name=pando media booster |
"{93E41EC4-B597-4CDD-B09D-0546691FE6AE}" = lport=58530 | protocol=17 | dir=in | name=pando media booster |
"{94671735-2C2A-4C90-A385-FA3D489DA303}" = lport=56544 | protocol=6 | dir=in | name=pando media booster |
"{9AA20F22-95B1-4F4D-97B9-CFE3B6BBEDAC}" = lport=56544 | protocol=17 | dir=in | name=pando media booster |
"{9ADDFA46-8DEB-4357-AB3E-B0AF374FF119}" = lport=58445 | protocol=6 | dir=in | name=pando media booster |
"{A2CA7A8B-7219-4BA4-A550-4B52D02B8309}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A70EF457-65FA-4CBE-AA6F-2B6F5F9D52A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7994482-27B9-4BE9-B2E3-A534C286D8C0}" = lport=56544 | protocol=6 | dir=in | name=pando media booster |
"{BB13B974-4855-4FB4-9E75-61305C9D79E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC191E7A-6542-4BD9-83B6-AA3057A7553F}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC275F8B-D1F1-40DE-AB21-D581D6CA2A04}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{D4C5291D-4141-4F7A-8619-C28261A33EEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D86D62B1-442E-4C35-BEBB-3DED209CF0DE}" = lport=58445 | protocol=17 | dir=in | name=pando media booster |
"{EB3985A1-CDE0-4A07-932C-3951CC3D2119}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED9F17F5-6E0C-4655-A10B-163D16853A1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FDFD3546-B47B-41E6-B837-CCC79775E202}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012B7A71-012F-47E9-9C7E-68A060FEFA53}" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"{028D80BB-B70D-4B61-8518-0555B3F127F9}" = protocol=6 | dir=out | app=system |
"{051963BC-DAF5-4C8A-A6F9-170E2FCD3C9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{095071B6-903E-4B57-AB82-90D566E374F8}" = protocol=17 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{0AAE1B9A-05AB-4495-9A64-EFE2BF0328F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B10F62F-B56A-4A6B-8A76-AFE03380673F}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{0BCFC4E4-06A3-4062-9E46-FD73AD8ADA57}" = dir=in | app=levelr.bin |
"{0D1E8651-1AE2-4C3C-85DC-F7E5604AE609}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{0FAA446D-7339-466A-AF08-5B277047E588}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"{10E9D0BA-7C1D-4614-BC5D-1F827CF01C0E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{11F15D93-D443-4B1B-8EA8-15370144B46F}" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{12A4AD2E-F22E-46C8-B5BD-59E6AC4B0E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{12B6B00E-8526-4380-A5D7-CE1AFD048CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{13331879-4F9D-49D5-A7B4-9EF98278EDA3}" = protocol=17 | dir=in | app=c:\users\user\downloads\utorrent.exe |
"{13CB2A47-C42C-42C9-80D1-621095A1956D}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{13EB0206-DE55-4BD4-AFDA-C1355B5CC050}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{148AF18F-53C2-4BF3-B2D0-3A5B866E52E9}" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{14C21B87-F7A5-43B0-ABCB-11ED911E7341}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"{154396AE-1CF5-41CE-9657-633E7A3228B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{156E318E-F3EE-46CB-A5FE-B3CB3EB3938C}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{1570FF38-576E-4298-B1C3-5F724D3EF0E8}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstar.exe |
"{163EDD2D-B74F-4FB5-AA60-5559AF2C039C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{17F1B9A8-021E-48CE-9237-C1062402D564}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"{1917BC30-6A20-4253-B901-4A8F451569AB}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{1A86B1B4-A6EF-417D-A3B4-8B4C59254750}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{229E7E9D-E06F-42F2-B7AF-433361D6B691}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"{22B39F94-4F7C-4055-A86D-5DF4732749E9}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{23222283-2D56-42CB-9BD9-CFE30657381F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{23EB719F-E63B-493F-B1A3-825CF7C08CFB}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{263881B7-BBD1-4E8C-B046-7E79AFEFA72C}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2650B705-5EE7-4E2C-B8C5-D03047084A7C}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{29A2FA4A-3246-4925-A55D-52B110012ED7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DC870EC-6FFD-41A5-908F-703B8341F9A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2F872DD0-901A-4D97-919B-D040AF6BC0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{32484BBB-1F69-42C6-A48F-EFA8911BEE89}" = protocol=17 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{33033F9C-4051-4F75-A103-15D17648B200}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34346DB5-BF1C-438E-9A5A-184E597D962C}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{347CD297-8E59-44E3-90B3-4C4CDC45B47C}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{34D4DC71-8C37-4768-A217-3CD7B792E2AC}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{366E29A6-EA9C-4021-81B3-26092F7C5A06}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{3693DC16-D881-4511-BE58-8B42D2BE48ED}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{3806D649-5D12-411A-8503-B7BB984C6B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{3A9760F1-3A8B-4208-B292-72F8B54072A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3C010C19-9C6C-4745-B17E-414D57A7B365}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe |
"{3EF1A9E3-9388-4523-8179-19A7CB570BF4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{421EF5DC-F68F-4DED-8690-AE6D58ADFAC7}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"{4263C3DD-0C33-4475-8096-DF35FD9622A1}" = protocol=6 | dir=in | app=c:\users\user\downloads\utorrent.exe |
"{455CA5E4-6DF0-432E-A4CA-2880E1E59888}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe |
"{4611D45A-359F-4C2E-BD14-77D8E11B6AA9}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe |
"{46CE64F1-9C1D-4AD5-9139-0D00711AC2E1}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{46F2598F-061B-4B3C-B5CE-DF0675FAC5BC}" = protocol=17 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{4898D1E4-F96A-4648-963C-CAE10FD1393F}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{49495210-AD27-4FC5-84E9-1E43ADCC79E4}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"{4E17F503-322D-4A6D-A24B-1A7E566AD22B}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{4E324369-F0D3-4FBF-8482-20A484C8C05C}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"{50E226DC-0EC4-4C7A-A858-8D403285BD64}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{52A7E715-30EE-41DE-B4FA-B882C844AFE3}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{52B94BCB-9E37-4C83-9F59-C6DD167002BB}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe |
"{5497FD1F-8C93-4E94-9949-C9D861943D1A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{54F311AB-BCFC-415B-9C3F-DC29302C523F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{54FA24A9-79B3-4E01-B671-552EF8551914}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe |
"{5526A378-B2DD-4368-A9CE-3AEE4937BA66}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{56B4D626-CEDD-4925-BB79-D047B3D88B66}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstar.exe |
"{574682E0-AB62-45E6-80D7-579DF91AD41B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{577745A5-0573-4324-89ED-0899D7A43C44}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5AD5FF7C-E3AE-4FDE-9D77-575BC4C1E55A}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{5C6D1E0F-BBBC-4FA8-ABCD-7993E684EEED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5D2B7928-A3C6-4648-A326-38FF02F9A197}" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{5D96F1DA-129B-45D3-8BD9-4415291316A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5DC8484F-D1B8-4CED-8201-EBF8B22AE4FA}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"{5E89604E-27B8-46F2-A080-3FEF265484F5}" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"{5EE1B7F0-E910-479A-B3F7-876D3ADD8AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{6098F3CD-F958-46AE-9091-3FC8A2992BE1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{624DC7BA-72DD-4751-878E-8A345193B536}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{63AEDED1-51C8-4023-9AEA-07CCDA025996}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6474899D-1595-4C1A-A43D-5E8AE8EB6E05}" = protocol=6 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{655A1AF1-8E79-454B-A09B-753FBDE07683}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{6681EA39-D829-4A82-907B-8F1709CF1ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{66F18244-C809-42CA-82FB-13D45ABC49CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{68129668-8EB5-441C-AF58-18BC960DDDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{696470EB-7493-4F9A-A3CB-A1931EFB4C45}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe |
"{6965C9EF-68A5-462B-8E4D-DD5119D20C76}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{69A40B8A-3D62-4C64-B309-20CB1125C888}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{6B9BCC58-7507-4886-AA0E-B368758865D9}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{6BC2878D-F010-4D57-A0B3-EBDF312A5049}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6C04D010-DF07-4D74-86AC-874AE11CE07C}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{6D65B78E-3094-4DFC-AAC8-EEF0423D0394}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6DC7AF4D-B35C-4C59-84CF-F7ED22367FF5}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6FFB2AE0-0DC2-4D66-9995-7E7985FAED99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{712D619C-83A3-4F9B-BA9D-409786B1B311}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{714464B2-C76F-49D5-8E6E-FE1D45C96A6F}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{728B55B8-1D74-472D-BC4C-154BAFD2D3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7316061E-06FA-467F-9C2D-E3A9F33B97A8}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"{73852FBB-F9C4-4C2B-990F-2D78A400EBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{7454DD7E-4306-4E64-96C2-767200BF4159}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{75902E15-779B-4522-8F5B-6C081161B4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{763A6A5B-1DBC-49AB-8249-528D9B4EC352}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{78D9D35C-C145-42B6-B2C2-47AF2A9A6D61}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78F025A2-4291-4DD4-B04D-00CF36E2D0DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{795967E2-B607-4EC5-A6D0-76C17585FBDA}" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"{7EF4FA6E-7022-4B33-8745-A3907A0F4EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{7F7598E8-9334-4BCB-AE97-D4294B9B6969}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{8061D75E-6B57-4DC2-961F-629A49A11EE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{81BC1E5F-F3B6-473E-B33C-EEE458752235}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{844DA98A-489D-4B5A-B8CF-78E1414594AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{87A0929E-02F9-40B0-95CB-924F4CCD18B7}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{8D0A2C76-0448-4CB0-8F7B-10CD3BC05410}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"{8D77A37B-858D-4EA3-B6F0-38C8E5F7BDF8}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{8EFEEA82-0CA8-43A8-AA23-18AB9D1C1192}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{900CEA9E-76C7-4402-A526-6C425D836017}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{90B1D026-CC40-4AAF-B88B-270BCDD851EA}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{92D82719-7C2C-4233-B8A1-C6CCC56FBCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{95775531-06AB-414C-B89F-CFE0ECC02B1E}" = protocol=6 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe |
"{991FF523-1B8B-4A2E-956C-EF2240982A22}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe |
"{9B2EDDA2-060D-4A72-A111-B5D50CF11BC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9B6FB34B-1C7C-4E62-AAAF-62A2D7EEDFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"{9DA6CC4C-CF2C-4934-BB78-2C9879CA0892}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{9FB6223F-8956-41D2-A38D-8DBAE50316CB}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{9FE461AA-8B90-486E-A065-73F69D9450FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A16AF5C1-0CBB-4DE1-8AE2-D5ABDF22B211}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{A1AF426E-33E4-4A91-8B88-69A3BA10C420}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A28E333B-428E-41A6-987E-3438F0B4FD30}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{A367B2DC-390E-4E4C-9AC2-9F8970DC2561}" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"{A397F26B-4461-4477-A7E5-E2BEFC36771D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A747B66B-19A1-4293-96CB-5F850EB62B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{AA5B5D69-D0CD-4873-9FD6-587CB34050E8}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{AB480A07-7C04-482F-B476-98DBAE704D66}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{ACC455B0-97FA-4F1F-B8BB-5F4FF30797C8}" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{ADA3743D-58BD-48BE-A2F4-BE48B90F4F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B03DD69D-FF59-437D-ACBA-1BD0AEDB8363}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"{B3CBF20F-4D82-4F4D-9822-5B67C53AA62B}" = protocol=17 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe |
"{B42B8C4E-8C6C-407C-A9EE-7E0085C73D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{B4AECC43-7259-44CC-B188-9BB18D16B056}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{B68118BC-D191-4AB0-8B58-2AB92EAD9BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe |
"{BBD60DC7-9F57-408F-B65A-31BF5CE3E3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{BCD53722-45F2-4046-BF82-CA73D66A0C9F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE832C31-F3E4-45BD-92DF-0A4DEA441535}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{C34C8BA8-011B-4DD5-849A-52E226DBDCB1}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe |
"{C3AFD985-0828-4205-954B-0AF111B66188}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5252961-6AAF-419D-9DA7-F393FA16CF92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6D9F675-36A0-44B9-A4DE-69C7861B6AD2}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"{C7F89184-3610-432B-AA82-41175C0CE36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C822F2F7-81E1-4F39-BCFE-0B62B44CF127}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{C89C3188-3AF1-4BF6-82F3-97850D1F5BB0}" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"{CA2BDF41-7629-4EE3-BA96-10B512EE7F3A}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"{CAEA4AD1-0962-48EC-8B1A-2EC8793EF9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC5224FD-C7FE-49C6-8445-7CCCD6D76120}" = protocol=17 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe |
"{CDACA8DE-FF06-444A-89A6-D25BC10B77F5}" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe |
"{CDE946DF-A63D-41CB-B7D7-294BB944D5B6}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{D121A5E4-72AE-4E43-8016-9BBD8946231E}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{D531E277-6C1B-4E0C-8228-84E01DF09D02}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{D6893CD3-B70F-46BB-BE95-6C1A75071408}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D72B96FB-D2B5-422B-8CA9-80DD6E85644B}" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"{D85E8ED7-8266-4D76-94B0-FB8D552363AD}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"{D8EF3E74-CE18-40C6-8297-2C0FCB30D961}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{D93FEF3D-3E59-49B6-B3F1-7985B31DB0BC}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"{DA76710D-206B-4239-851B-5D6624D8860B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCB8A490-E508-474C-9CB6-1D1233DE8933}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DEEB17BF-2507-48B1-A131-A5AE606E02D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{E0F718B0-1C5F-4E47-A60C-CAE002C1CE22}" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"{E21F5D54-232D-4452-82FC-CB604639538D}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe |
"{E2D427F3-24DA-4C68-9DB7-EF828998C1F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D3DEBF-7D29-4BB8-8D94-CCEC7A9705BB}" = protocol=6 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe |
"{E536A6C2-C11C-4865-80C0-DA9D6F74AEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{E691AD3B-652C-47F8-AEBF-8C4DE114582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E71B68D9-8B93-4C50-AE7C-B59582B0ECFD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{E8FEBCC3-32C7-4C90-898D-0A9661DC9B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"{E9F65E66-7514-4960-8E45-F65AA737A740}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{EA8D9709-477A-4D54-82CF-2564231A1463}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{EB629D38-F128-4BEC-A503-79866F78E6C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{ED72AA1B-CE5F-4EDB-9B9E-CB1F4E49EEE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDA1A2E0-8542-4512-9D9E-7062FF85D242}" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"{EE613A8F-1134-4B92-998B-56CC795588EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{F2A897C2-5952-40A8-90AE-9A1E9E838048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{F3F01057-4547-46C9-93B8-56DD8817399A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F64FC1B4-E297-4450-8CC9-AD20E9CEC7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{F724F2BC-ACFA-41D2-AD23-69803A7FB335}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{F8B7722B-15D2-45DE-9A59-0952E00BA3F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9F0144B-2CE1-4BCF-A10A-B8A294E494E8}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{FA78AC4A-7379-4CC9-9ABA-5A9DE541105F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{FD8746F4-8E28-404E-A799-1F3BA92CCD5E}" = protocol=6 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{FECA4F58-8861-44A8-8B3B-AAD0B67FE27E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC4295B-4E30-447A-A83D-A23F19D606E3}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"TCP Query User{0744FDA1-78FD-4E6B-ACA9-F9AD485990CA}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"TCP Query User{07F422C5-816D-497C-B08C-26BD9FFAA6E2}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{0AAF023D-8E9D-4060-A921-42DF881A3D9F}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{126EE4AA-570A-4AA6-BB9F-5F982F83A3F6}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"TCP Query User{16E97906-9C69-4472-9B26-A61DBEB749CA}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{2348C923-9803-4235-A55C-BDC503AAC28A}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe |
"TCP Query User{24654ECD-2119-4FD7-96EB-337D9436FC09}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"TCP Query User{2BAC8F82-183D-4AB1-A1C0-A3A9D6CFEB9E}C:\users\user\desktop\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"TCP Query User{362CCED2-8337-41E9-B5FF-CAD5AF0F3CAF}D:\di\deadislandgame.exe" = protocol=6 | dir=in | app=d:\di\deadislandgame.exe |
"TCP Query User{3F9CC23A-89BD-4EFE-AF7C-564E902EB021}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"TCP Query User{5126378B-CF52-4176-ADF2-F51E4DCA160E}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{5A04FB88-ED3A-40B1-8E31-33D5658EF4C6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"TCP Query User{5D3A2685-B936-4DD0-9CC2-0A80E3B80DC7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5F93DA30-8C47-4F62-9D64-5A3F64EA0AEB}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{61BFCCE9-BB99-48D3-9645-972C759298CC}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{68A8E39C-375F-4335-B901-D7ED56E52844}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{6B0AEFFD-23E8-4A4D-8134-B3177CDB0483}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"TCP Query User{72FDE2DB-ED92-4C33-92AC-FA08D67039B6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"TCP Query User{76BEC1A8-2C78-46F2-856C-4D8262D103A8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{7DAF71EF-F927-45EA-850F-24C2352B7BDA}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{7EA77A10-07A8-44DE-8017-464EA62E0902}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"TCP Query User{896AA2FB-8ED8-42F0-9263-EE70E76D6B78}C:\program files\gamigo\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"TCP Query User{91BB64BC-A19F-40C5-BAAE-F84B125259FA}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"TCP Query User{9202B557-B0A3-4088-8F15-006D9714B2A2}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe |
"TCP Query User{9BF4FC09-4D5D-4D23-92D5-D332EDB34FE3}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{9C7EC8D4-7ECC-4CD2-87F7-AEEA2BE9C90D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{A0604FDF-04D0-4A4A-884A-885384DA656F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B0BE1425-2696-41FB-9EEC-7491E09BCBA4}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{B29974A4-E982-4E46-9A89-5680C2287AF4}D:\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe |
"TCP Query User{B983E990-42A1-478A-BF2A-33BBC7957832}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{C388C7E5-6A7E-4456-BF61-0894A3AEE575}D:\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"TCP Query User{D1569EB9-26B5-4FD3-8F9B-4DD268E203C9}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{DC655847-5026-485D-BD73-314DC3D4B884}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{E3B1472A-06AF-4105-A3E5-E9CA098E810B}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{E49C3ADC-78D7-460C-89C7-64BB3BC6ABB8}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"TCP Query User{EC5A3825-8EFD-4B75-A245-D57D4022181A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F8614C83-5762-40DE-B887-07779E78E4B5}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{F949D56E-8937-4CEE-9927-A183F3AEFE5F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{FFB2BDCD-1BCE-413E-9F21-1C48D27111E1}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe |
"UDP Query User{00B16FA7-DDB3-42B8-8091-EF35DA431D34}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{01183963-785D-47B7-BEFB-EC6DC2C191E6}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{09BC906C-B8CD-4DC0-86D8-91CFF850EEE9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0DE095A4-9FE6-4D36-9396-50549E0D0653}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{14CB14F2-850C-4B86-8C1E-302D76616715}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"UDP Query User{1C255329-EFFD-4086-98D4-20BE449916B9}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe |
"UDP Query User{1C6C4398-EE6E-4219-8313-C77ACDE41562}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{2E5DAA7D-F92B-45BA-8CAC-22701BCFB101}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"UDP Query User{329A8240-8078-4948-81FA-5435329060BF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{347182ED-575F-4728-A9DE-6FC8C739D65E}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{3EE38F09-CD9D-4FD9-95D2-8B5BB9B612AC}D:\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe |
"UDP Query User{4159C364-69E7-45BA-8CC6-C887315DAF8A}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{57D8B9C9-C7C9-482F-90C3-82F36A047AEB}D:\di\deadislandgame.exe" = protocol=17 | dir=in | app=d:\di\deadislandgame.exe |
"UDP Query User{68E16083-4360-4606-9D96-4C39715FA10E}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe |
"UDP Query User{692670F3-4ECA-4565-BC3A-8AB956B0757C}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{7266CB73-9877-4FD8-9E25-7A5F9AB67F89}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{7CD37311-245B-482C-967A-58B323264275}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{7EA73ECD-D5FE-4726-80E5-03A1C9A480C6}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{852778E8-699D-4A0B-ACC8-56C3F22C85E0}C:\program files\gamigo\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"UDP Query User{864C9DA6-E62E-47B3-8C8A-552873C91301}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe |
"UDP Query User{87B5D65D-510C-4A47-A689-6F89A581858A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{8D6EC5DB-3FA9-4D93-9F84-EC8F9A932BF7}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe |
"UDP Query User{9266EC45-D9C5-44DE-A8F4-A362025D91B4}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"UDP Query User{9A58D0B8-B365-445B-BCA3-DF29A9E26377}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{AA435997-6D53-4706-A930-1EAE08F2F470}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"UDP Query User{B66F766F-FC1F-4AEC-B8EA-CAD0223DB762}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"UDP Query User{BB33F0FA-DFFB-40CA-AB40-E3734EDFD87B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{C68E281D-27C1-410B-AE74-053BD5501A4A}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{C7D49D84-B3DB-46CE-B7E5-550EA9D12DB9}C:\users\user\desktop\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"UDP Query User{D8F23CE9-E720-49A7-AB88-C74B737446E7}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"UDP Query User{DAD3404A-8176-4479-AA8C-5EED061B0BA1}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{DB8D3AB0-D6EF-4261-B027-313DBC634C63}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"UDP Query User{E53BAFD3-0F24-4725-97F3-3B9506F15E9A}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{E6E32BC1-AC7C-4E27-9FFE-D938ABFB4909}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{EC49F6C2-9037-46F6-8899-4B9C362E72DF}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{EFCF4504-997D-47FC-B2A2-08A4AFB76364}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F51B46CF-E08D-458B-9543-D6EEFF293389}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"UDP Query User{F9A8D3E2-C35C-42B2-BAE1-6A1C4BE9B18F}D:\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe |
"UDP Query User{FBA6195B-F039-42BF-9F6C-078230ADA4B2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"C-Media CM106 Like Sound Driver" = Trust 5.1 Gaming Headset
"HoneyView3" = HoneyView3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{A3EBC021-4FBA-40DB-BC59-9C5ECEF3514E}_is1" = PESJP Patch 2013 version 3.0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"aTube Catcher" = aTube Catcher
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackShot" = BlackShot
"Borderlands 2_is1" = Borderlands 2
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DMO" = GDMO
"facemoods" = Facemoods Toolbar
"Generic USB 108 Sound" = TEAC
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Giraffic" = Veoh Giraffic Video Accelerator
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Pangya" = Pangya (Ntreev SG Interactive)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PlayCatan Client" = PlayCatan Zugangssoftware
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12900" = Audiosurf
"Steam App 230410" = Warframe
"Steam App 234710" = Poker Night 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Steam App 91310" = Dead Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-C:/Users/user/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2013 05:41:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.05.2013 06:38:09 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 21.05.2013 13:40:31 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.05.2013 14:19:08 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.05.2013 14:39:19 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.05.2013 16:13:54 | Computer Name = user-PC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 21.05.2013 16:13:55 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PESEDIT.exe, Version: 2.1.0.0, Zeitstempel:
 0x51706042  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x2e8  Startzeit der fehlerhaften Anwendung: 0x01ce565fb4367964  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: f631dafc-c252-11e2-8386-0025227cbc5f
 
Error - 21.05.2013 16:30:59 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 21.05.2013 17:06:54 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 21.05.2013 17:26:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 21.05.2013 05:40:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 21.05.2013 05:40:26 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PxHlpa64
 
Error - 21.05.2013 13:38:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 21.05.2013 13:39:24 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PxHlpa64
 
Error - 21.05.2013 14:17:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 21.05.2013 14:17:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PxHlpa64
 
Error - 21.05.2013 14:37:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 21.05.2013 14:38:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PxHlpa64
 
Error - 21.05.2013 17:24:28 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:  %%126
 
Error - 21.05.2013 17:24:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  PxHlpa64
 
 
< End of report >


aharonov 22.05.2013 00:03

Yes, there is quite a bit of malware running there...
Here are the next steps for you:


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

Scan with ComboFix
WARNING to those READING ALONG:
ComboFix should only be run if a team member has instructed you to do so!

Please download ComboFix from the following download mirror: Link
  • IMPORTANT: Save ComboFix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with ComboFix while it works. ComboFix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start ComboFix.exe and follow the instructions on the screen.
  • While ComboFix is running, do not work on the computer, move the mouse or click into the ComboFix window!
  • When ComboFix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.


Please post in your next reply:
  • AdwCleaner log
  • ComboFix log
  • OTL log
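The ComboFix log requested in step 2 ends with an "Autostartpunkte der Registrierung" section: REGEDIT4-style Run-key lines with the executable path, date and size in brackets, followed by the UAC values under policies\system. The following is an added example for this thread, not code from ComboFix or from anyone posting here. It parses that section and flags what a helper reading such a log looks at first: Run entries whose executable lives in a user-writable location (ProgramData, AppData, Temp) or whose value name looks machine-generated, and UAC settings that are switched off. The sample log text is constructed in the format shown in the thread, and the heuristics (vowel ratio for "random-looking", the list of user-writable path markers) are assumptions of this example, not rules used by the tool.

```python
"""Triage of the ComboFix "Autostartpunkte der Registrierung" section.

Added example for this thread; not part of ComboFix or of any post here.
"""
import re
from typing import Dict, List

# Constructed sample in the format ComboFix prints (values modelled on the log in the thread).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"fcfccbdcadbsacfsfdsf"="c:\programdata\fcfccbdcadbsacfsfdsf.exe" [2013-05-21 91136]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

# Assumed list of locations an unprivileged process can write to.
USER_WRITABLE = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\public\\')

# Meaning of the UAC policy values ComboFix lists, when set to these values.
UAC_WEAK = {
    ('EnableLUA', 0): 'UAC disabled (EnableLUA=0)',
    ('ConsentPromptBehaviorAdmin', 0): 'administrators elevate without any prompt',
    ('PromptOnSecureDesktop', 0): 'elevation prompts not shown on the secure desktop',
}


def looks_random(name: str) -> bool:
    """Assumed heuristic: long, letters only, almost no vowels -> likely generated."""
    if len(name) < 8 or not name.isalpha():
        return False
    vowels = sum(ch in 'aeiou' for ch in name.lower())
    return vowels / len(name) < 0.2


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def parse_autostart(text: str) -> Dict[str, list]:
    """Split the section into Run entries and policy values, remembering the registry key."""
    runs: List[dict] = []
    policies: List[dict] = []
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key')
            continue
        if section.lower().endswith('\\run'):
            m = RUN_RE.match(line)
            if m:
                runs.append({'key': section, **m.groupdict()})
        elif section.lower().endswith('\\policies\\system'):
            m = POLICY_RE.match(line)
            if m:
                policies.append({'key': section, 'name': m.group('name'),
                                 'value': int(m.group('value'))})
    return {'run': runs, 'policies': policies}


def triage(text: str) -> Dict[str, list]:
    """Return the Run entries and UAC settings worth a closer look, with reasons."""
    parsed = parse_autostart(text)
    suspicious = []
    for entry in parsed['run']:
        reasons = []
        if in_user_writable(entry['path']):
            reasons.append('runs from a user-writable location')
        if looks_random(entry['name']):
            reasons.append('random-looking value name')
        if reasons:
            suspicious.append({'name': entry['name'], 'path': entry['path'], 'reasons': reasons})
    weak_uac = [UAC_WEAK[(p['name'], p['value'])]
                for p in parsed['policies'] if (p['name'], p['value']) in UAC_WEAK]
    return {'run_entries': suspicious, 'uac': weak_uac}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for finding in result['run_entries']:
        print(finding['name'], '->', finding['path'], ';', ', '.join(finding['reasons']))
    for note in result['uac']:
        print('UAC:', note)
```

A flagged entry is a reading aid, not a verdict: a legitimate updater in AppData will also be listed, which is why each finding carries its reasons and the analyst decides. The UAC block matters because with EnableLUA=0 every process of an administrator account already runs with full rights, so any autostart entry listed above it has the same privileges.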

busa 22.05.2013 00:20

AdwCleaner log file:
Code:

# AdwCleaner v2.301 - Datei am 22/05/2013 um 01:10:23 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE3E4F76-730F-4A7A-B79A-1A51F7096121}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC9054C1-3CB4-445F-8623-C16134852DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

-\\ Chromium v      directory_upgrade: true
  }

-\\ Opera v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[S1].txt - [15070 octets] - [22/05/2013 01:10:23]

########## EOF - C:\AdwCleaner[S1].txt - [15131 octets] ##########

--- --- ---


Code:

ComboFix 13-05-21.01 - user 22.05.2013  1:26.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6143.4795 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\1596.exe
c:\programdata\1CB6.exe
c:\programdata\3359.exe
c:\programdata\3B8D.exe
c:\programdata\4619.exe
c:\programdata\5373.exe
c:\programdata\602C.exe
c:\programdata\8866.exe
c:\programdata\96AA.exe
c:\programdata\CC0A.exe
c:\programdata\DA2F.exe
c:\programdata\DF4B.exe
c:\programdata\F0FD.exe
c:\programdata\FA2A.exe
c:\programdata\FBE.exe
c:\programdata\fcfccbdcadbsacfsfdsf.exe
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmp79C2.tmp
c:\windows\SysWow64\tmp79C3.tmp
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-21 23:07 . 2013-05-21 23:29        76232        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54        --------        d-----w-        c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50        964552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-21 17:18 . 2013-05-21 23:38        91136        ----a-w-        c:\programdata\fcfccbdcadbsacfsfdsf.exe
2013-05-20 11:05 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26        17613192        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19        --------        d-----w-        c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19        --------        d-----w-        c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21        --------        d-----w-        c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55        --------        d-----w-        c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44        --------        d-----w-        c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38        --------        d-----w-        c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47        --------        d-----w-        c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47        --------        d-----w-        c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38        --------        d-----w-        c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:24 . 2013-04-23 12:24        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41        866720        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45        905296        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 10:00        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41        441856        ----a-w-        c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41        235008        ----a-w-        c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41        149504        ----a-w-        c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40        112640        ----a-w-        c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32        25256224        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32        2505144        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32        15129960        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32        6262608        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32        2826040        ----a-w-        c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32        18055184        ----a-w-        c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32        1107440        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28        1814304        ----a-w-        c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32        958120        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32        2720544        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32        26929440        ----a-w-        c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32        7932256        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32        2346784        ----a-w-        c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32        245872        ----a-w-        c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32        11036448        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23        1510176        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32        2904352        ----a-w-        c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32        20449056        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32        15053264        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32        7564040        ----a-w-        c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32        1985824        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32        12641992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32        9390760        ----a-w-        c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32        201576        ----a-w-        c:\windows\SysWow64\nvinit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"fcfccbdcadbsacfsfdsf"="c:\programdata\fcfccbdcadbsacfsfdsf.exe" [2013-05-21 91136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Integrated Driver - c:\users\user\AppData\Roaming\Mozilla\winmgr.exe
Wow6432Node-HKLM-Run-PokerStars - c:\users\user\Documents\PokerStars\PokerStars.scr
SSODL-PokerStars-c:\users\user\Documents\PokerStars\PokerStars.scr - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-PlanetSide 2 PSG - d:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22  01:39:42
ComboFix-quarantined-files.txt  2013-05-21 23:39
.
Vor Suchlauf: 15 Verzeichnis(se), 23.475.597.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 30.261.698.560 Bytes frei
.
- - End Of File - - 444A3CC7D6743978931F4BAB6652DF3E

Code:

OTL logfile created on: 22.05.2013 01:55:33 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 67,94% Memory free
12,00 Gb Paging File | 10,39 Gb Available in Paging File | 86,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 27,83 Gb Free Space | 11,23% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 136,02 Gb Free Space | 19,90% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.05.22 01:37:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 01:53:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 01:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 01:23:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 01:54:15 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.22 01:53:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 01:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 01:52:50 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 01:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.22 01:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 01:37:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 01:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame
[2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios
[2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
[2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2012.11.07 01:41:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2012.11.13 10:14:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient
[2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RIFT
[2012.11.14 21:38:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013.05.22 01:09:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
[2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >


aharonov 22.05.2013 01:40

Please run ComboFix once more in exactly the same way and post the new log file.

busa 22.05.2013 12:02

Code:

ComboFix 13-05-21.01 - user 22.05.2013  12:21:35.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6143.4462 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fcfccbdcadbsacfsfdsf.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 10:29 . 2013-05-22 10:29        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-21 23:07 . 2013-05-22 09:58        76232        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54        --------        d-----w-        c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50        964552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-20 11:05 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26        17613192        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19        --------        d-----w-        c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19        --------        d-----w-        c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21        --------        d-----w-        c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55        --------        d-----w-        c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44        --------        d-----w-        c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38        --------        d-----w-        c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47        --------        d-----w-        c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47        --------        d-----w-        c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38        --------        d-----w-        c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41        866720        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45        905296        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 12:24 . 2013-04-23 12:24        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 10:00        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41        441856        ----a-w-        c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41        235008        ----a-w-        c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41        149504        ----a-w-        c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40        112640        ----a-w-        c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32        25256224        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32        2505144        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32        15129960        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32        6262608        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32        2826040        ----a-w-        c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32        18055184        ----a-w-        c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32        1107440        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28        1814304        ----a-w-        c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32        958120        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32        2720544        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32        26929440        ----a-w-        c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32        7932256        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32        2346784        ----a-w-        c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32        245872        ----a-w-        c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32        11036448        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23        1510176        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32        2904352        ----a-w-        c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32        20449056        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32        15053264        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32        7564040        ----a-w-        c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32        1985824        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32        12641992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32        9390760        ----a-w-        c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32        201576        ----a-w-        c:\windows\SysWow64\nvinit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R1 tuxnrfkk;tuxnrfkk;c:\windows\system32\drivers\tuxnrfkk.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-fcfccbdcadbsacfsfdsf - c:\programdata\fcfccbdcadbsacfsfdsf.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-22  12:38:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-22 10:38
ComboFix2.txt  2013-05-21 23:39
.
Vor Suchlauf: 16 Verzeichnis(se), 34.166.403.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 33.855.541.248 Bytes frei
.
- - End Of File - - 1F38C38F6C69A9AFFEDC312A2CDB193E


aharonov 22.05.2013 12:20

Yep, then continue like this:


Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions according to the guide for Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so stay patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Please post in your next reply:
  • Log from MBAR

busa 22.05.2013 13:07

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]

22.05.2013 13:35:53
mbar-log-2013-05-22 (13-35-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30618
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
c:\Users\user\AppData\Roaming\Macromedia\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\OpenOffice.org\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\TeamViewer\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\vlc\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Delete on reboot.

(end)

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]

22.05.2013 13:58:43
mbar-log-2013-05-22 (13-58-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30638
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aharonov 22.05.2013 13:24

Good, then please a fresh OTL log:


Step 1
Code:

dir /a/s/b "c:\Users\user\AppData\Roaming\*.exe" /c
  • Please close all other programs.
  • Tick the box Scan all Users.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • Log from OTL

busa 22.05.2013 13:27

Question: run OTL again like last time, or?? Because I don't understand what to do with the code box you just posted

Code:

OTL logfile created on: 22.05.2013 14:30:22 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,80 Gb Available Physical Memory | 79,96% Memory free
12,00 Gb Paging File | 10,74 Gb Available in Paging File | 89,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 33,58 Gb Free Space | 13,55% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,15 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.05.22 12:32:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013.05.22 12:38:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 12:32:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.22 12:20:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 14:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 13:52:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 13:52:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 13:46:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.22 13:45:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 13:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 13:45:10 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 13:24:42 | 012,917,756 | ---- | M] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip
[2013.05.22 13:12:15 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.22 12:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 12:32:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 13:24:37 | 012,917,756 | ---- | C] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip
[2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame
[2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios
[2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
[2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2012.11.07 01:41:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient
[2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RIFT
[2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013.05.22 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
[2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< dir /a/s/b "c:\Users\user\AppData\Roaming\*.exe" /c >
C:\USERS\USER\APPDATA\ROAMING\ijjigame\U_AVA_Setup.exe
C:\USERS\USER\APPDATA\ROAMING\Mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe
C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077\SnapDo.exe
C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077\SnapDo_ALL_p1v4.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >
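
The "ZeroAccess Check" and "Alternate Data Streams" sections of the OTL log above list a hidden, system-attributed {GUID} folder under AppData\Local holding an "@" file and "L" and "U" subfolders, plus a stream attached to C:\ProgramData\TEMP. As an added example, not part of this thread and not OTL's own code, here is a Python parser for OTL listing lines that flags exactly that layout and extracts ADS lines; the sample input is constructed from the line shapes on this page.

```python
"""Parse OTL file/directory listing lines and flag two things the log above shows:
a hidden+system '@' file together with hidden+system 'L' and 'U' folders inside a
{GUID} folder (OTL's "ZeroAccess Check" section), and alternate data streams."""
import re
from collections import defaultdict

# Constructed sample input; the line shapes are those of the OTL log in this thread.
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B
"""

# [date time | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
# ...\{GUID}\@   ...\{GUID}\L   ...\{GUID}\U
GUID_LEAF_RE = re.compile(r"^(?P<parent>.*\\\{[0-9a-f-]{36}\})\\(?P<leaf>[@LU])$", re.I)


def parse_entries(text):
    """Return one dict per OTL file/directory line; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["hidden"] = "H" in e["attrs"]
        e["system"] = "S" in e["attrs"]
        e["is_dir"] = e["attrs"].endswith("D")
        entries.append(e)
    return entries


def find_guid_dropper_dirs(entries):
    """Return the {GUID} folders that carry the complete layout: a hidden+system '@' file
    plus hidden+system 'L' and 'U' subfolders. A lone hidden GUID folder is not enough."""
    leaves = defaultdict(dict)
    for e in entries:
        m = GUID_LEAF_RE.match(e["path"])
        if m and e["hidden"] and e["system"]:
            leaves[m.group("parent")][m.group("leaf").upper()] = e
    hits = []
    for parent, found in leaves.items():
        if ("@" in found and not found["@"]["is_dir"]
                and all(k in found and found[k]["is_dir"] for k in ("L", "U"))):
            hits.append(parent)
    return sorted(hits)


def find_alternate_data_streams(text):
    """Return (host path, stream size in bytes) for every ADS line in the log."""
    streams = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            streams.append((m.group("path"), int(m.group("bytes"))))
    return streams


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(f"{len(entries)} listing lines parsed")
    for d in find_guid_dropper_dirs(entries):
        print("hidden+system @/L/U layout:", d)
    for path, size in find_alternate_data_streams(SAMPLE_LOG):
        print(f"alternate data stream: {path} ({size} bytes)")
```

The check deliberately requires all three pieces (the "@" file and both subfolders, all hidden and system) before reporting a folder; a single hidden GUID folder on its own is a weaker signal and is left to a human reviewer, which is how the helper in this thread treats the rest of the listing.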


aharonov 22.05.2013 13:38

You simply copy the text from the code box and paste it into the text box in OTL. Apart from that, do everything the same as last time.

busa 22.05.2013 13:39

Hope I did it right^^

What I wanted to ask: how and when do I turn my antivirus program back on? It's off, and I didn't want to turn it on as long as this thing is here. But if I want to turn it on later I have to be admin; according to my computer I am, but if it doesn't start anymore, what do I do then?

aharonov 22.05.2013 16:37

I don't quite understand what you mean, but you can turn the antivirus program back on.
Where is the new OTL log?

busa 22.05.2013 16:38

It's above, over your message.

My antivirus program somehow doesn't work anymore. It tells me I can't start or uninstall it; supposedly I don't have permission, even though I'm logged in as admin.

aharonov 22.05.2013 16:50

Ah sorry, I somehow overlooked it.

Then please do this:


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml

:files
C:\USERS\USER\APPDATA\ROAMING\OpenCandy
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}

:commands
[emptytemp]

  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.



Step 2

Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is done, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.





Please post in your next reply:
  • Fix log from OTL
  • Log from FSS

busa 22.05.2013 16:53

Code:

Farbar Service Scanner Version: 14-04-2013
Ran by user (administrator) on 22-05-2013 at 17:53:01
Running from "C:\Users\user\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
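
The "File Check" block above compares system files against known-good MD5 hashes, and for MpSvc.dll it reports D41D8CD98F00B204E9800998ECF8427E. That value is the MD5 of zero bytes of input, so whatever FSS hashed there was not the file's 1011712 bytes; a checker should report that as a read failure, separate from a genuine hash mismatch. As an added example, not part of this thread and not FSS's own code, here is a Python hash verifier that makes that distinction, plus a triage of FSS File Check output. The manifest, the "disk" contents and the log excerpt are constructed (the file bytes are hypothetical, not real Windows binaries).

```python
"""Known-good hash verification of the kind FSS's "File Check" performs, treating the
MD5 of zero bytes (D41D8CD98F00B204E9800998ECF8427E) as a read failure, not a match."""
import hashlib
import re

EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # MD5 of empty input


def md5_hex(data):
    return hashlib.md5(data).hexdigest().upper()


# Constructed known-good contents (hypothetical bytes, not real Windows binaries);
# a real manifest holds vendor-published hashes per file version.
GOOD_CONTENT = {
    r"C:\Windows\System32\svchost.exe": b"MZ\x90\x00constructed-svchost",
    r"C:\Windows\System32\rpcss.dll": b"MZ\x90\x00constructed-rpcss",
    r"C:\Program Files\Windows Defender\MpSvc.dll": b"MZ\x90\x00constructed-mpsvc",
}
MANIFEST = {path: md5_hex(data) for path, data in GOOD_CONTENT.items()}

# Constructed "disk": one file intact, one altered, one that cannot be read (None).
DISK = {
    r"C:\Windows\System32\svchost.exe": GOOD_CONTENT[r"C:\Windows\System32\svchost.exe"],
    r"C:\Windows\System32\rpcss.dll": b"MZ\x90\x00altered-rpcss",
    r"C:\Program Files\Windows Defender\MpSvc.dll": None,
}


def classify(expected_md5, data):
    """Return 'legit', 'MISMATCH' or 'UNREADABLE' for one file's bytes (None = unreadable)."""
    if not data:                      # None or zero bytes: nothing was actually hashed
        return "UNREADABLE"
    return "legit" if md5_hex(data) == expected_md5 else "MISMATCH"


def check_files(manifest, disk):
    """Compare every manifest entry against the bytes found on disk."""
    return {path: classify(md5, disk.get(path)) for path, md5 in manifest.items()}


# FSS prints "<path> => MD5 is legit" for matches and, for anything else, the bare path
# followed by a detail line ending in the observed MD5 (shapes taken from the log above).
FSS_LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
FSS_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^=]+)$")
FSS_DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \(\) (?P<md5>[0-9A-F]{32})$")


def triage_fss_file_check(text):
    """Map each path in an FSS File Check block to 'legit', 'UNREADABLE' or 'FLAGGED'.
    The empty-input MD5 reported for a file of non-zero size means the bytes were never
    read, so it is kept apart from a genuine hash mismatch."""
    status, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FSS_LEGIT_RE.match(line)):
            status[m.group("path")] = "legit"
            pending = None
        elif (m := FSS_DETAIL_RE.match(line)) and pending:
            unread = m.group("md5") == EMPTY_MD5 and int(m.group("size")) > 0
            status[pending] = "UNREADABLE" if unread else "FLAGGED"
            pending = None
        elif (m := FSS_PATH_RE.match(line)):
            pending = m.group("path")
    return status


# Constructed excerpt in the shape of the FSS log above.
SAMPLE_FSS = r"""
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
"""

if __name__ == "__main__":
    for path, status in check_files(MANIFEST, DISK).items():
        print(f"{status:10} {path}")
    for path, status in triage_fss_file_check(SAMPLE_FSS).items():
        print(f"{status:10} {path}")
```

Either outcome for MpSvc.dll (unreadable or mismatched) calls for the file to be replaced from a trusted source, which is where the helper's next reply goes; the point of the separate status is that "unreadable" also tells you the scanner itself was blocked, which matters when, as reported earlier in the thread, the antivirus service can no longer be started or uninstalled.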


aharonov 22.05.2013 16:57

Ah yes, I can see where the problem is..
Please also do step 1 from the post above.

busa 22.05.2013 17:01

Code:

========== OTL ==========
HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA577E-794F-4244-A91A-A5C8BC05F996}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=" removed from keyword.URL
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\Plugins folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml moved successfully.
========== FILES ==========
C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077 folder moved successfully.
C:\USERS\USER\APPDATA\ROAMING\OpenCandy folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc} folder moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222013_175942
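
Step 1 above asks for an OTL fix script with :OTL, :files and :commands sections, and the fix log just posted reports one result line per item OTL handled. As an added example, not part of this thread and not OTL's own code, here is a Python check that reconciles the prefs.js and :files requests of such a script against the fix log, so an unhandled item is noticed instead of being lost in a long log. The script and log below are constructed from the line shapes on this page; the not-there.tmp path and the example.invalid URL are made up to show the unhandled case.

```python
"""Reconcile an OTL fix script (:OTL / :files / :commands sections) against the fix
log OTL writes, so every requested removal is either confirmed or reported as unhandled."""
import re

# Constructed fix script in the shape of Step 1 above (last :files path is made up).
FIX_SCRIPT = r"""
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..keyword.URL: "hxxp://feed.example.invalid/?q="

:files
C:\USERS\USER\APPDATA\ROAMING\OpenCandy
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}
C:\Users\user\AppData\Local\not-there.tmp

:commands
[emptytemp]
"""

# Constructed fix log in the shape of the one posted above; the keyword.URL and
# not-there.tmp requests are deliberately missing from it.
FIX_LOG = r"""
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
========== FILES ==========
C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077 folder moved successfully.
C:\USERS\USER\APPDATA\ROAMING\OpenCandy folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc} folder moved successfully.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^:(?P<name>[A-Za-z]+)$")
# FF - prefs.js..<key>: <value>   ->   Prefs.js: <value> removed from <key>
PREFS_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[^:]+): (?P<value>.+)$")


def parse_fix_script(text):
    """Split an OTL fix script into {section_name: [lines]}; blank lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Return {request line: 'confirmed' | 'unhandled'} for prefs.js and :files requests.
    Other :OTL line kinds (registry keys, extension folders) are not modelled here."""
    sections = parse_fix_script(script_text)
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    log_lower = [l.lower() for l in log_lines]
    result = {}
    for item in sections.get("otl", []):
        m = PREFS_RE.match(item)
        if not m:
            continue
        expected = f'Prefs.js: {m.group("value")} removed from {m.group("key")}'
        result[item] = "confirmed" if expected in log_lines else "unhandled"
    for path in sections.get("files", []):
        p = path.lower()
        # exact path followed by a space: a "moved" line for a subfolder does not count
        ok = any(l.startswith(p + " ") and "moved successfully" in l for l in log_lower)
        result[path] = "confirmed" if ok else "unhandled"
    return result


if __name__ == "__main__":
    for request, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10} {request}")
```

Path comparison is case-insensitive because, as the log above shows, OTL echoes :files paths in whatever case they were given, and the check insists on the exact requested path so that a "moved" line for a subfolder alone is not mistaken for removal of the folder itself.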


aharonov 22.05.2013 17:07

Code:

%SystemDrive%\*. /RP /s
  • Please close all other programs.
  • Now click None (German "None") and then the Scan button.
  • Then copy the contents of OTL.txt here into your thread.

busa 22.05.2013 17:19

Code:

OTL logfile created on: 22.05.2013 18:09:17 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 75,11% Memory free
12,00 Gb Paging File | 10,50 Gb Available in Paging File | 87,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 33,12 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,15 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< %SystemDrive%\*. /RP /s >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\Dokumente und Einstellungen] -> C:\Users -> Junction
[C:\Program Files\Gemeinsame Dateien] -> C:\Program Files\Common Files -> Junction
[C:\Program Files\Microsoft Security Client\Backup] ->  -> Unknown point type
[C:\Program Files\Microsoft Security Client\de-de] ->  -> Unknown point type
[C:\Program Files\Microsoft Security Client\Drivers] ->  -> Unknown point type
[C:\Program Files\Microsoft Security Client\en-us] ->  -> Unknown point type
[C:\Program Files\Windows Defender\de-DE] ->  -> Unknown point type
[C:\Program Files\Windows NT\Zubehör] -> C:\Program Files\Windows NT\Accessories -> Junction
[C:\ProgramData\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\ProgramData\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Programme] -> C:\Program Files -> Junction
[C:\Users\All Users\Anwendungsdaten] -> C:\ProgramData -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Dokumente] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favoriten] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\Anwendungsdaten] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\AppData\Local\Anwendungsdaten] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\AppData\Local\Verlauf] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\Eigene Bilder] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\Eigene Musik] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\Eigene Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Druckumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Eigene Dateien] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\Lokale Einstellungen] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\Netzwerkumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Startmenü] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Default\Vorlagen] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\Eigene Bilder] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\Eigene Musik] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\Eigene Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\UpdatusUser\Anwendungsdaten] -> C:\Users\UpdatusUser\AppData\Roaming -> Junction
[C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\UpdatusUser\AppData\Local\Verlauf] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\UpdatusUser\Cookies] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\UpdatusUser\Documents\Eigene Bilder] -> C:\Users\UpdatusUser\Pictures -> Junction
[C:\Users\UpdatusUser\Documents\Eigene Musik] -> C:\Users\UpdatusUser\Music -> Junction
[C:\Users\UpdatusUser\Documents\Eigene Videos] -> C:\Users\UpdatusUser\Videos -> Junction
[C:\Users\UpdatusUser\Druckumgebung] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\UpdatusUser\Eigene Dateien] -> C:\Users\UpdatusUser\Documents -> Junction
[C:\Users\UpdatusUser\Lokale Einstellungen] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Users\UpdatusUser\Netzwerkumgebung] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\UpdatusUser\Recent] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\UpdatusUser\SendTo] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\UpdatusUser\Startmenü] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\UpdatusUser\Vorlagen] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\user\Anwendungsdaten] -> C:\Users\user\AppData\Roaming -> Junction
[C:\Users\user\AppData\Local\Anwendungsdaten] -> C:\Users\user\AppData\Local -> Junction
[C:\Users\user\AppData\Local\Temporary Internet Files] -> C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\user\AppData\Local\Verlauf] -> C:\Users\user\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Users\user\Cookies] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\user\Documents\Eigene Bilder] -> C:\Users\user\Pictures -> Junction
[C:\Users\user\Documents\Eigene Musik] -> C:\Users\user\Music -> Junction
[C:\Users\user\Documents\Eigene Videos] -> C:\Users\user\Videos -> Junction
[C:\Users\user\Druckumgebung] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\user\Eigene Dateien] -> C:\Users\user\Documents -> Junction
[C:\Users\user\Lokale Einstellungen] -> C:\Users\user\AppData\Local -> Junction
[C:\Users\user\Netzwerkumgebung] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\user\Recent] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\user\SendTo] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\user\Startmenü] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\user\Vorlagen] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\System32\config\systemprofile\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Eigene Bilder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Eigene Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Eigene Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Druckumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Eigene Dateien] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Netzwerkumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Vorlagen] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Verlauf] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Bilder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Druckumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Eigene Dateien] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Lokale Einstellungen] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Netzwerkumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Vorlagen] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:F63A059B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >


aharonov 22.05.2013 17:33

Ok, next:


Step 1

Please download Farbar Recovery Scan Tool 64-bit and save it to your desktop.

Press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type "notepad" into the Run window.

Now copy the following text from the code box into the empty text document:
Code:

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

Then save it under the file name Fixlist.txt, also on your desktop next to FRST.
  • Now start FRST64.exe and click the Fix button.
  • The tool creates a Fixlog.txt. Post its contents.
  • Then restart the computer.



Step 2

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory it was run from.

Please post its contents here.





Please post in your next reply:
  • Fixlog from FRST
  • Log from FSS
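The Fixlist above tells FRST to remove junctions from two security-product directories. As an added example (not code from the thread, from FRST or from the helper), this script enumerates the NTFS reparse points inside those same two directories so the state can be checked before the fix and confirmed after it; it assumes Windows PowerShell 5.1 or later for the LinkType and Target properties and an elevated prompt for reading Program Files.

```powershell
# Added example, not part of the original post. Lists NTFS reparse points
# (junctions and symbolic links) directly inside the given directories,
# which is the scope FRST's DeleteJunctionsInDirectory directive acts on.
# Assumes Windows PowerShell 5.1+ (LinkType/Target properties on file items).

function Get-DirectoryReparsePoints {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $Path
    )

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Directory not found: $dir"
            continue
        }

        # -Force includes hidden/system entries; only the top level is examined,
        # matching the scope of the FRST directive.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
            ForEach-Object {
                [PSCustomObject]@{
                    Directory = $dir
                    Name      = $_.Name
                    LinkType  = $_.LinkType            # 'Junction', 'SymbolicLink' or $null
                    Target    = ($_.Target -join ';')  # where the reparse point resolves to
                }
            }
    }
}

# The two directories named in the Fixlist in the post above. On a healthy
# system neither contains any reparse point, so every hit deserves a look:
# a junction placed here redirects the security product's own files elsewhere.
$checkedDirs = @(
    'C:\Program Files\Microsoft Security Client',
    'C:\Program Files\Windows Defender'
)

$hits = @(Get-DirectoryReparsePoints -Path $checkedDirs)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} else {
    Write-Host "No reparse points found in the checked directories."
}
```

Run it once before applying the Fixlist and once after the reboot; the second run should report no reparse points, and the Fixlog.txt that FRST writes should list the same entries the first run showed.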

busa 22.05.2013 17:46

Step 1 somehow doesn't work. I saved it, but when I click Fix in FRST64 it tells me it finds nothing.

aharonov 22.05.2013 18:02

Is the text file you saved with the script really called Fixlist.txt (and not Fixlist.txt.txt or similar), and is it on the desktop right next to frst64.exe?

busa 22.05.2013 18:09

No, I named it Fixlist.txt.

aharonov 22.05.2013 18:22

Then start FRST and press the Scan button. After that, post both log files that are created.

busa 22.05.2013 18:24

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013
Ran by user (administrator) on 22-05-2013 19:23:48
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(AVM Berlin) C:\Program Files (x86)\1&1\IGDCTRL.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Veoh Networks) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Farbar) C:\Users\user\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.cpl,CMICtrlWnd [6402048 2007-06-07] (C-Media Corporation)
HKLM\...\Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [8757248 2010-10-08] (C-Media Corporation)
HKCU\...\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2648184 2011-06-22] (Veoh Networks)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Battlefield Heroes Updater - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\ich@maltegoetz.de
FF Extension: adblockpopups - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: DivXWebPlayer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ijji Auto Install Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll (NHN USA Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.20.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0
CHR Extension: (Virtual Keyboard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR Extension: (Anti-Banner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0

==================== Services (Whitelisted) =================

R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 IGDCTRL; C:\Program Files (x86)\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4060984 2011-03-08] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-07] (DT Soft Ltd)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1310720 2010-08-12] (C-Media Electronics Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]
S1 tuxnrfkk; \??\C:\Windows\system32\drivers\tuxnrfkk.sys [x]
S3 X6va006; \??\C:\Users\user\AppData\Local\Temp\00630D4.tmp [x]
S3 X6va007; \??\C:\Users\user\AppData\Local\Temp\00719DE.tmp [x]
S3 X6va008; \??\C:\Users\user\AppData\Local\Temp\0085C08.tmp [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-22 18:55 - 2013-05-22 18:55 - 00017538 ____A C:\Users\user\Desktop\Addition.txt
2013-05-22 18:41 - 2013-05-22 19:20 - 00000619 ____A C:\Users\user\Desktop\Fixlist.lnk
2013-05-22 18:40 - 2013-05-22 18:40 - 00000000 ____D C:\FRST
2013-05-22 18:39 - 2013-05-22 19:20 - 00000133 ____A C:\Users\user\Downloads\Fixlist.txt
2013-05-22 18:36 - 2013-05-22 18:36 - 01878460 ____A (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-05-22 17:59 - 2013-05-22 17:59 - 00000000 ____D C:\_OTL
2013-05-22 17:53 - 2013-05-22 17:53 - 00002555 ____A C:\Users\user\Downloads\FSS.txt
2013-05-22 17:52 - 2013-05-22 17:52 - 00354299 ____A (Farbar) C:\Users\user\Downloads\FSS.exe
2013-05-22 17:19 - 2013-05-22 17:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-22 17:14 - 2013-05-22 17:14 - 00899584 ____A C:\Users\user\Downloads\MicrosoftFixit50535.msi
2013-05-22 17:14 - 2013-05-22 17:14 - 00014618 ____A C:\FixitRegBackup.reg
2013-05-22 16:23 - 2013-05-22 16:23 - 13503464 ____A (Microsoft Corporation) C:\Users\user\Downloads\mseinstall(1).exe
2013-05-22 13:25 - 2013-05-22 14:06 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-05-22 13:25 - 2013-05-22 13:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-22 13:24 - 2013-05-22 13:24 - 12917756 ____A C:\Users\user\Desktop\mbar-1.05.0.1001.zip
2013-05-22 13:11 - 2013-05-22 13:11 - 13503464 ____A (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe
2013-05-22 12:38 - 2013-05-22 12:38 - 00025183 ____A C:\ComboFix.txt
2013-05-22 12:20 - 2013-05-22 12:38 - 00000000 ____D C:\ComboFix
2013-05-22 01:50 - 2013-05-22 18:15 - 00032282 ____A C:\Users\user\Downloads\OTL.Txt
2013-05-22 01:23 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-22 01:23 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-22 01:23 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-22 01:23 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-22 01:23 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-22 01:23 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-22 01:23 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-22 01:23 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-22 01:22 - 2013-05-22 12:38 - 00000000 ___AD C:\Qoobox
2013-05-22 01:22 - 2013-05-22 12:30 - 00000000 ____D C:\Windows\erdnt
2013-05-22 01:10 - 2013-05-22 01:10 - 00015157 ____A C:\AdwCleaner[S1].txt
2013-05-22 01:08 - 2013-05-22 01:08 - 05068564 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-05-22 01:07 - 2013-05-22 01:07 - 00632031 ____A C:\Users\user\Downloads\adwcleaner.exe
2013-05-21 23:54 - 2013-05-21 23:54 - 01110476 ____A C:\Users\user\Downloads\7z920.exe
2013-05-21 23:54 - 2013-05-21 23:54 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-21 23:44 - 2013-05-22 01:50 - 00000000 ____D C:\Users\user\Desktop\otl.exe
2013-05-21 23:21 - 2013-05-21 23:21 - 00377856 ____A C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-05-21 23:18 - 2013-05-21 23:18 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-05-21 23:17 - 2013-05-21 23:17 - 00050477 ____A C:\Users\user\Downloads\Defogger(1).exe
2013-05-21 20:27 - 2013-05-21 20:27 - 00377856 ____A C:\Users\user\Downloads\i2k5io6f.exe
2013-05-21 20:16 - 2013-05-21 23:23 - 00000342 ____A C:\Users\user\Downloads\defogger_enable.log
2013-05-21 20:15 - 2013-05-21 23:23 - 00000540 ____A C:\Users\user\Downloads\defogger_disable.log
2013-05-21 20:13 - 2013-05-21 20:14 - 00050477 ____A C:\Users\user\Downloads\Defogger.exe
2013-05-20 15:47 - 2013-05-21 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-17 18:20 - 2013-05-17 18:20 - 00000219 ____A C:\Users\user\Desktop\Dota 2.url
2013-05-16 02:52 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 02:52 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 02:52 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 02:52 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 02:52 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 02:52 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 02:52 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 02:52 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 02:52 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 02:52 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 02:52 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 02:52 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 12:00 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 12:00 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 12:00 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 12:00 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 12:00 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 12:00 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 12:00 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 12:00 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 12:00 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 12:00 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 12:00 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 12:00 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 12:00 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 12:00 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 23:26 - 2013-05-14 23:26 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 21:39 - 2013-05-14 21:38 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-14 21:39 - 2013-05-14 21:38 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-14 21:39 - 2013-05-14 21:38 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-14 21:39 - 2013-05-14 21:38 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-08 17:19 - 2013-05-08 17:19 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-05-08 17:19 - 2013-05-08 17:19 - 00000000 ____D C:\Program Files (x86)\Rift Game
2013-05-07 19:17 - 2013-05-08 17:55 - 00000000 ____D C:\Users\user\AppData\Local\Warframe
2013-05-07 17:28 - 2013-05-07 17:28 - 00000222 ____A C:\Users\user\Desktop\Warframe.url
2013-05-07 16:57 - 2013-05-07 16:57 - 00000889 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
2013-05-07 14:38 - 2013-05-08 18:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin
2013-05-07 14:38 - 2013-05-07 14:47 - 00000000 ____D C:\Users\user\AppData\Local\Origin
2013-05-07 14:38 - 2013-05-07 14:38 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-05-07 14:37 - 2013-05-07 14:47 - 00000000 ____D C:\ProgramData\Origin
2013-05-07 14:37 - 2013-05-07 14:38 - 00000000 ____D C:\Program Files (x86)\Origin
2013-05-07 14:37 - 2013-05-07 14:37 - 00000990 ____A C:\Users\Public\Desktop\Origin.lnk
2013-04-29 14:26 - 2013-04-29 14:26 - 00000000 ____D C:\Users\user\Desktop\Deardrops
2013-04-26 19:20 - 2013-04-26 19:20 - 00000222 ____A C:\Users\user\Desktop\Poker Night 2.url
2013-04-24 14:45 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-22 19:20 - 2013-05-22 18:41 - 00000619 ____A C:\Users\user\Desktop\Fixlist.lnk
2013-05-22 19:20 - 2013-05-22 18:39 - 00000133 ____A C:\Users\user\Downloads\Fixlist.txt
2013-05-22 19:19 - 2011-06-23 18:23 - 00000000 ____D C:\Program Files (x86)\Giraffic
2013-05-22 18:55 - 2013-05-22 18:55 - 00017538 ____A C:\Users\user\Desktop\Addition.txt
2013-05-22 18:46 - 2012-03-03 03:12 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
2013-05-22 18:45 - 2012-07-09 22:18 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-22 18:40 - 2013-05-22 18:40 - 00000000 ____D C:\FRST
2013-05-22 18:36 - 2013-05-22 18:36 - 01878460 ____A (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-05-22 18:29 - 2011-04-04 15:37 - 01968222 ____A C:\Windows\WindowsUpdate.log
2013-05-22 18:26 - 2012-05-03 02:57 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-22 18:15 - 2013-05-22 01:50 - 00032282 ____A C:\Users\user\Downloads\OTL.Txt
2013-05-22 18:08 - 2011-04-04 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
2013-05-22 17:59 - 2013-05-22 17:59 - 00000000 ____D C:\_OTL
2013-05-22 17:53 - 2013-05-22 17:53 - 00002555 ____A C:\Users\user\Downloads\FSS.txt
2013-05-22 17:52 - 2013-05-22 17:52 - 00354299 ____A (Farbar) C:\Users\user\Downloads\FSS.exe
2013-05-22 17:27 - 2013-02-20 01:18 - 00002122 ____A C:\Windows\epplauncher.mif
2013-05-22 17:26 - 2013-02-20 01:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-22 17:26 - 2009-07-14 06:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-22 17:26 - 2009-07-14 06:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-22 17:24 - 2011-06-28 17:54 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
2013-05-22 17:19 - 2013-05-22 17:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-22 17:19 - 2012-07-23 20:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-22 17:19 - 2012-02-06 12:37 - 00000937 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-05-22 17:19 - 2011-10-07 15:51 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2013-05-22 17:19 - 2011-06-23 18:23 - 00000000 ____D C:\ProgramData\Giraffic
2013-05-22 17:18 - 2012-07-09 22:18 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-22 17:18 - 2011-07-13 19:45 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-22 17:18 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-22 17:18 - 2009-07-14 06:51 - 00101922 ____A C:\Windows\setupact.log
2013-05-22 17:14 - 2013-05-22 17:14 - 00899584 ____A C:\Users\user\Downloads\MicrosoftFixit50535.msi
2013-05-22 17:14 - 2013-05-22 17:14 - 00014618 ____A C:\FixitRegBackup.reg
2013-05-22 16:23 - 2013-05-22 16:23 - 13503464 ____A (Microsoft Corporation) C:\Users\user\Downloads\mseinstall(1).exe
2013-05-22 15:22 - 2011-04-04 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2013-05-22 14:06 - 2013-05-22 13:25 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-05-22 13:45 - 2011-10-07 15:51 - 00000000 ____D C:\Users\user\AppData\Local\Apps\2.0
2013-05-22 13:45 - 2010-11-21 05:47 - 00212544 ____A C:\Windows\PFRO.log
2013-05-22 13:43 - 2012-06-12 22:21 - 00000000 ____D C:\Users\user\AppData\Roaming\OpenOffice.org
2013-05-22 13:43 - 2011-07-06 11:54 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2013-05-22 13:43 - 2011-04-04 17:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2013-05-22 13:43 - 2011-04-04 15:56 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-05-22 13:25 - 2013-05-22 13:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-22 13:24 - 2013-05-22 13:24 - 12917756 ____A C:\Users\user\Desktop\mbar-1.05.0.1001.zip
2013-05-22 13:11 - 2013-05-22 13:11 - 13503464 ____A (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe
2013-05-22 12:38 - 2013-05-22 12:38 - 00025183 ____A C:\ComboFix.txt
2013-05-22 12:38 - 2013-05-22 12:20 - 00000000 ____D C:\ComboFix
2013-05-22 12:38 - 2013-05-22 01:22 - 00000000 ___AD C:\Qoobox
2013-05-22 12:32 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-05-22 12:30 - 2013-05-22 01:22 - 00000000 ____D C:\Windows\erdnt
2013-05-22 01:50 - 2013-05-21 23:44 - 00000000 ____D C:\Users\user\Desktop\otl.exe
2013-05-22 01:39 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-05-22 01:29 - 2011-06-19 13:50 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-05-22 01:29 - 2011-04-04 18:53 - 00000000 ____D C:\Users\user\AppData\Roaming\RIFT
2013-05-22 01:10 - 2013-05-22 01:10 - 00015157 ____A C:\AdwCleaner[S1].txt
2013-05-22 01:08 - 2013-05-22 01:08 - 05068564 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-05-22 01:07 - 2013-05-22 01:07 - 00632031 ____A C:\Users\user\Downloads\adwcleaner.exe
2013-05-21 23:54 - 2013-05-21 23:54 - 01110476 ____A C:\Users\user\Downloads\7z920.exe
2013-05-21 23:54 - 2013-05-21 23:54 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-21 23:23 - 2013-05-21 20:16 - 00000342 ____A C:\Users\user\Downloads\defogger_enable.log
2013-05-21 23:23 - 2013-05-21 20:15 - 00000540 ____A C:\Users\user\Downloads\defogger_disable.log
2013-05-21 23:21 - 2013-05-21 23:21 - 00377856 ____A C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-05-21 23:18 - 2013-05-21 23:18 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-05-21 23:17 - 2013-05-21 23:17 - 00050477 ____A C:\Users\user\Downloads\Defogger(1).exe
2013-05-21 22:47 - 2012-12-19 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Mumble
2013-05-21 20:37 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-21 20:27 - 2013-05-21 20:27 - 00377856 ____A C:\Users\user\Downloads\i2k5io6f.exe
2013-05-21 20:14 - 2013-05-21 20:13 - 00050477 ____A C:\Users\user\Downloads\Defogger.exe
2013-05-21 20:04 - 2011-06-19 13:50 - 00000000 ____D C:\ProgramData\Skype
2013-05-21 19:38 - 2012-04-25 16:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-21 11:57 - 2013-05-20 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 11:46 - 2012-03-03 03:12 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
2013-05-18 18:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 15:35 - 2011-04-04 19:03 - 00378260 ____A C:\Windows\DirectX.log
2013-05-17 18:20 - 2013-05-17 18:20 - 00000219 ____A C:\Users\user\Desktop\Dota 2.url
2013-05-16 12:23 - 2009-07-14 06:45 - 00290704 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 02:57 - 2011-04-04 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 02:54 - 2010-11-21 08:50 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-05-16 02:54 - 2010-11-21 08:50 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-05-16 02:54 - 2009-07-14 07:13 - 01519798 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 23:26 - 2013-05-14 23:26 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 23:26 - 2012-05-03 02:57 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 23:26 - 2012-05-03 02:57 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 21:38 - 2013-05-14 21:39 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-14 21:38 - 2013-05-14 21:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-14 21:38 - 2013-05-14 21:39 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-14 21:38 - 2013-05-14 21:39 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-14 21:38 - 2012-04-04 03:41 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-05-14 21:38 - 2012-04-04 03:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-14 21:38 - 2011-04-04 15:56 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-14 17:11 - 2011-09-28 08:45 - 00000000 ____D C:\Users\user\Desktop\Mucke
2013-05-14 00:47 - 2011-04-04 17:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-05-08 18:44 - 2013-05-07 14:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin
2013-05-08 17:55 - 2013-05-07 19:17 - 00000000 ____D C:\Users\user\AppData\Local\Warframe
2013-05-08 17:19 - 2013-05-08 17:19 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-05-08 17:19 - 2013-05-08 17:19 - 00000000 ____D C:\Program Files (x86)\Rift Game
2013-05-07 19:20 - 2011-04-11 19:07 - 00000000 ____D C:\Users\user\Documents\BioWare
2013-05-07 17:28 - 2013-05-07 17:28 - 00000222 ____A C:\Users\user\Desktop\Warframe.url
2013-05-07 16:57 - 2013-05-07 16:57 - 00000889 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
2013-05-07 14:47 - 2013-05-07 14:38 - 00000000 ____D C:\Users\user\AppData\Local\Origin
2013-05-07 14:47 - 2013-05-07 14:37 - 00000000 ____D C:\ProgramData\Origin
2013-05-07 14:38 - 2013-05-07 14:38 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-05-07 14:38 - 2013-05-07 14:37 - 00000000 ____D C:\Program Files (x86)\Origin
2013-05-07 14:37 - 2013-05-07 14:37 - 00000990 ____A C:\Users\Public\Desktop\Origin.lnk
2013-05-07 14:37 - 2011-04-13 16:41 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-05-02 17:29 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-29 14:26 - 2013-04-29 14:26 - 00000000 ____D C:\Users\user\Desktop\Deardrops
2013-04-26 19:25 - 2013-02-26 16:47 - 00000000 ____D C:\Users\user\Documents\Telltale Games
2013-04-26 19:20 - 2013-04-26 19:20 - 00000222 ____A C:\Users\user\Desktop\Poker Night 2.url

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 12:59

==================== End Of Log ============================

That was everything I got from the scan.

aharonov 22.05.2013 18:34

OK, now I see why it didn't work earlier:
Quote:

2013-05-22 18:41 - 2013-05-22 19:20 - 00000619 ____A C:\Users\user\Desktop\Fixlist.lnk
2013-05-22 18:39 - 2013-05-22 19:20 - 00000133 ____A C:\Users\user\Downloads\Fixlist.txt
The Fixlist.txt has to be directly on the Desktop (not in the Downloads folder as it is here). Putting just a shortcut (fixlist.lnk) there is not enough.
Please repeat these steps once more as follows and make sure you save the Fixlist.txt directly to the Desktop:



Step 1

Press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type "notepad" into the Run window.

Now copy the following text from the code box into the empty text document:
Code:

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

Then save it under the file name Fixlist.txt, likewise on your Desktop, next to FRST.
  • Now start FRST64.exe and click the Fix button.
  • The tool creates a Fixlog.txt. Post me its contents.
  • Then restart the computer.



Step 2

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory it was run from.

Please post its contents here.





Please post in your next reply:
  • Fixlog from FRST
  • Log from FSS

busa 22.05.2013 18:37

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013
Ran by user at 2013-05-22 19:36:34 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

"C:\Program Files\Microsoft Security Client" => Deleting junctions completed successfully.
"C:\Program Files\Windows Defender" => Deleting junctions completed successfully.

==== End of Fixlog ====

Code:

Farbar Service Scanner Version: 14-04-2013
Ran by user (administrator) on 22-05-2013 at 19:38:16
Running from "C:\Users\user\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


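Added example (editor's note, not part of the thread and not the code of FRST or FSS): the fix above deletes junctions inside the two antivirus directories, and the FSS log then reports the WinDefend service at start type Demand instead of the default Auto. Those are two levers malware uses to keep security software from running: folders inside the product's install directory get replaced by junctions that point at nothing, so the service can no longer load its own files, and the service start type is changed so it does not come up at boot. The Python below performs the same two checks: it walks each directory for reparse points and reports whether their targets are missing, and it reads a service's Start value from the registry and phrases it the way FSS does. Assumptions: the directory list and the WinDefend service name are taken from the posts above, the registry read only works on Windows, and build_fixture() constructs a throwaway folder with a dangling link purely so the walker can be exercised on any system.

```python
import os
import stat
import tempfile
from typing import Dict, List, Optional

# The two directories the FRST fix in this thread cleans of junctions
# (64-bit Windows 7 defaults; adjust for other layouts).
SECURITY_DIRS = [
    r"C:\Program Files\Microsoft Security Client",
    r"C:\Program Files\Windows Defender",
]

# Service Start values as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Start.
START_TYPE_NAMES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


def is_reparse_point(path: str) -> bool:
    """True for a junction or symlink: on Windows this reads the reparse-point
    attribute (which covers junctions); elsewhere it falls back to symlinks."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0):
        return True
    return stat.S_ISLNK(st.st_mode)


def find_reparse_points(root: str) -> List[Dict[str, object]]:
    """Walk `root` without following links; report each reparse point, its
    target (if readable) and whether that target is missing ("dangling").
    On Windows os.walk lists a junction like a plain directory, so it is
    still seen by name here and reported."""
    findings: List[Dict[str, object]] = []
    if not os.path.isdir(root):
        return findings
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if not is_reparse_point(full):
                continue
            try:
                target = os.readlink(full)
            except OSError:
                target = None
            # os.path.exists() follows the link, so False means it points nowhere.
            findings.append({"path": full, "target": target,
                             "dangling": not os.path.exists(full)})
    return findings


def describe_start_type(value: int, default: str = "Auto") -> str:
    """Render a Start value the way the FSS log phrases it."""
    name = START_TYPE_NAMES.get(value, f"Unknown({value})")
    return f"{name} (default)" if name == default else f"{name} (default is {default})"


def service_start_type(name: str) -> Optional[int]:
    """Read a service's Start value from the registry. Windows only: returns
    None on other systems or when the key is missing."""
    try:
        import winreg  # only present on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            "SYSTEM\\CurrentControlSet\\Services\\" + name) as key:
            value, _ = winreg.QueryValueEx(key, "Start")
    except OSError:
        return None
    return int(value)


def build_fixture() -> str:
    """Constructed stand-in for a hijacked product directory: one genuine
    subfolder plus one link named Hijacked that points at a missing target."""
    root = tempfile.mkdtemp(prefix="secdir-")
    os.mkdir(os.path.join(root, "Backup"))
    os.symlink(os.path.join(root, "does-not-exist"), os.path.join(root, "Hijacked"))
    return root


if __name__ == "__main__":
    for d in SECURITY_DIRS:
        for f in find_reparse_points(d):
            print(f"reparse point: {f['path']} -> {f['target']} dangling={f['dangling']}")
    start = service_start_type("WinDefend")
    if start is not None:
        print("WinDefend start type:", describe_start_type(start))
```

Run it as an administrator on the affected machine; a product directory that is fully intact yields no reparse points at all, and any dangling entry is what the DeleteJunctionsInDirectory fix removes. A start type other than Auto for WinDefend is worth fixing even after the junctions are gone, because the service will otherwise stay down until something starts it on demand.
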
aharonov 22.05.2013 18:42

Great. :daumenhoc
Can you now start and use your antivirus program normally again?

busa 22.05.2013 18:43

Wait, I'll try it out.

So, I can't install Microsoft Essentials, and Windows Defender, or whatever that thing is called, can't be switched on either.

aharonov 22.05.2013 19:00

Does it stay like that after a restart?
Do you get an error message?

busa 22.05.2013 19:01

Wait, I'll try a restart, I'll get back to you shortly.

aharonov 22.05.2013 19:06

OK.

busa 22.05.2013 19:16

So Windows Defender seems to work, but Microsoft Essentials won't install, an error message comes up. If you know another good free program, let me know^^

aharonov 22.05.2013 19:21

Quote:

Microsoft Essentials won't install, an error message comes up
Microsoft Security Essentials should actually already be installed... Can you no longer start it, or what exactly is the problem?
Can you please give me the exact error message?

busa 22.05.2013 19:29

The Setup Wizard for Security Essentials could not be completed successfully due to an error. Restart the computer and repeat the process.

That's the error message. I've already restarted the computer 3 times, but it keeps coming back.

aharonov 22.05.2013 19:35

But please explain the situation to me in a bit more detail: why are you trying to install Security Essentials at all? Isn't it already installed?

busa 22.05.2013 19:37

No, it's not installed. My girlfriend deleted it, she says, with some Microsoft fixer, and now I'm supposed to put it back on.

aharonov 22.05.2013 20:00

OK, then try installing avast instead: Avast! Free Antivirus

busa 22.05.2013 20:03

I'll try it right away and let you know the result. I do rely on some protection since I play online a lot^^

aharonov 22.05.2013 20:08

OK.

busa 22.05.2013 20:15

OK, I was able to install it, so nothing stands in the way of my online gaming anymore. What about putting Skype back on now, or would that be a bad idea?

aharonov 22.05.2013 20:20

Hold on, we're not quite done yet. Last round:
(You can reinstall Skype.)


Step 1

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




Step 2


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 3

Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan is finished, a text document (checkup.txt) should open.
Please post its contents here.



Step 4

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL

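Added example (editor's note, not part of the thread and not ESET's own tooling): the log.txt that Step 2 produces starts with `# key=value` header lines and then one line per detection in the form `sh=<sha1> ft=<type> fh=<hash> vn="<threat name>" ac=<action> fn="<path>"`. Because the scan is run with removal switched off (`# remove_checked=false`), the header's `# cleaned=0` is expected, and the useful question is where each hit lives: a copy already sitting in the ComboFix quarantine (C:\Qoobox) or the OTL moved-files folder (C:\_OTL) is neutralized, a hit in the Java deployment cache or the browser cache is the leftover of a past drive-by attempt, and a hit inside an old backup archive is not running code. The script below parses the log and classifies each detection by location so that the genuinely live files stand out. The location rules and the sample log are mine: the sample is constructed in the real format with placeholder hashes and paths and is not output of an actual scan.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# One ESET detection line: sha1, file type, file hash, threat name, action, path.
ESET_LINE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<ac>\S+) fn="(?P<path>[^"]*)"$'
)

# Where a hit lives decides how urgent it is; the first matching rule wins.
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\(Qoobox|_OTL)\\", re.I)),  # ComboFix / OTL quarantine
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("browser-cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("backup-archive", re.compile(r"\\Backup Set [^\\]*\\.*\.zip$", re.I)),
    ("archive", re.compile(r"\.(zip|rar|7z|iso)$", re.I)),
]

# Constructed sample in the log.txt format (placeholder hashes and paths, not a real scan).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# scanned=1234
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=1111111111111111 vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\sample1.exe.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.CD trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\deadbeef-cafef00d"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\Backup\Backup Set 2011-01-01 000000\Backup Files 2011-01-02 000000\Backup files 1.zip"
sh=4444444444444444444444444444444444444444 ft=1 fh=4444444444444444 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Users\user\Desktop\Installer.exe"
"""


def classify_location(path: str) -> str:
    """Label a detected path by the kind of place it sits in; 'live' means none of the rules applied."""
    for label, rx in LOCATION_RULES:
        if rx.search(path):
            return label
    return "live"


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Split log.txt into its '# key=value' header and its parsed detection lines."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            m = ESET_LINE.match(line)
            if m:  # lines that do not have the expected shape are skipped
                d = m.groupdict()
                d["location"] = classify_location(d["path"])
                detections.append(d)
    return header, detections


def triage(text: str) -> Dict[str, object]:
    """Summarize a scan: what was found, whether anything was removed, which hits are live files."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", len(detections)))
    cleaned = int(header.get("cleaned", 0))
    by_location = Counter(d["location"] for d in detections)
    return {
        "found": found,
        "cleaned": cleaned,
        "nothing_removed": found > 0 and cleaned == 0,
        "by_location": dict(by_location),
        "live_paths": [d["path"] for d in detections if d["location"] == "live"],
        "families": sorted({d["name"] for d in detections}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"found={result['found']} cleaned={result['cleaned']} nothing_removed={result['nothing_removed']}")
    for location, count in sorted(result["by_location"].items()):
        print(f"  {location}: {count}")
    for path in result["live_paths"]:
        print("LIVE:", path)
```

Point it at a real log.txt by reading the file into `triage()`. The "live" bucket is where to spend attention; a "live" hit whose threat name is a generic packer family (VMProtect and similar) on a game patcher or crack still needs a second opinion, since packers are flagged heuristically, whereas a worm or trojan name on a file under ProgramData or a user profile is the kind of thing to remove or submit.
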
busa 22.05.2013 20:31

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [Administrator]

22.05.2013 21:26:49
mbam-log-2013-05-22 (21-26-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257762
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aharonov 22.05.2013 20:44

Yep, not bad so far.

busa 22.05.2013 20:59

The rest is coming shortly, it just takes a while^^

aharonov 22.05.2013 21:09

Yes, ESET can take a bit longer...

busa 22.05.2013 22:15

Holy cow, 1:40 hours and it's only just on D: now, this could take a while yet.

aharonov 22.05.2013 22:20

Yes, that's normal. :)
Maybe just let it scan overnight...

busa 22.05.2013 22:21

Yes, as soon as I have it I'll send it to you^^

aharonov 22.05.2013 22:40

No rush... :)

busa 23.05.2013 11:40

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=740afa25b925ca4a867160923e5630d5
# engine=13891
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-23 03:06:31
# local_time=2013-05-23 05:06:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 88 28788 145988263 0 0
# compatibility_mode=5893 16776574 100 94 7990531 120908241 0 0
# scanned=266055
# found=50
# cleaned=0
# scan_time=27114
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\1596.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\1CB6.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\3359.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\3B8D.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\4619.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\5373.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\602C.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\8866.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\96AA.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\CC0A.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\DA2F.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\DF4B.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\F0FD.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\FA2A.exe.vir"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\FBE.exe.vir"
sh=03EFD815DC17A1D4CEE5EA94065F1633AF92FE1B ft=1 fh=d72f384974c80c4e vn="Win32/Gapz.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\fcfccbdcadbsacfsfdsf.exe.vir"
sh=31C15BED6DF1E5376A73FD9F597CAD85D6B1474B ft=1 fh=6298989d5e8713a7 vn="Win32/Sirefef.FU trojan" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\837606GR\h9d723h8u2r[1]"
sh=7295BCEEAEF79F82C5C69C255D0473E45CEC38AA ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.CD trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3de4014c-6c5e9986"
sh=290FF20E5C92F8AAD31B710CED8D83038B24A758 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\183b36d7-739e06bf"
sh=BBF136F2C78CD358196B93E8D09CBCB2F272FBEE ft=0 fh=0000000000000000 vn="a variant of Java/Mocup.C trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4b910f9d-49a2cb98"
sh=AA552E771DB340B8CEAF3116833A628DC3D7E49C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\5bff50a5-1294e00e"
sh=755616F5EA0259B657ACC3ADDD4728FF3A2672E9 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFX trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\1fd717a7-7cf48b3f"
sh=06679A3AB6B4E5858827FDA93526A48A2B1C4926 ft=1 fh=000b46f7d748511a vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Users\user\Desktop\Games\PESEdit__2012_Patch_2.7\Installer.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Users\user\Desktop\Games\The witcher 2\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso"
sh=2897FD98CE8B68833E14D7333F56CDEB714DAF9E ft=1 fh=12a6fa5052e332e3 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Users\user\Desktop\PES 2013\Installer.exe"
sh=6EFD2F9CEB9BEC57520501DB676142B8F23DC275 ft=1 fh=b270b9f7ee86d05d vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Users\user\Desktop\Pes 3.5\PESEdit.com_2012_Patch_3.5\Installer.exe"
sh=FBA586FBA198E7626777F76359BCD4FFB2C50CB3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-03 190001\Backup files 12.zip"
sh=03B19E6E72A8E25CCF278F0F842B3C2B0746D329 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-03 190001\Backup files 16.zip"
sh=0A3174DF00968D37C452BE923F3713B00C14B2F9 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-03 190001\Backup files 3.zip"
sh=A17814F1E3DF40C9DF34808693546FE4ED3A7A4D ft=0 fh=0000000000000000 vn="JS/Redirector.NIF trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-03 190001\Backup files 8.zip"
sh=3D8CD7247F7E12AC6A158DB29D79811FF281F298 ft=0 fh=0000000000000000 vn="JS/TrojanClicker.Agent.NCI.Gen trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-17 190003\Backup files 5.zip"
sh=0DA8AB214DD9A8760F0575568DFD7B3ABA0EFEE6 ft=0 fh=0000000000000000 vn="JS/Kryptik.BK trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-07-31 190005\Backup files 16.zip"
sh=485F7C2778209B2C7C8EE27B8083A61ED30ECB2C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-08-14 190005\Backup files 21.zip"
sh=1A589DB78F0328AEFA31830F925A8EF4A6F60CE3 ft=0 fh=0000000000000000 vn="JS/Kryptik.CG trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-08-14 190005\Backup files 30.zip"
sh=E3B8735044F4710B62E80ACA1CAB8BEE7A9FE373 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-08-14 190005\Backup files 69.zip"
sh=7D62E4435DEE155E26B2AAF171BCB2155847DCB5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-08-14 190005\Backup files 72.zip"
sh=271FCB060122372911AA64DAE7474C9B537A61C4 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DW trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-10-16 190011\Backup files 64.zip"
sh=1C91ED9E6734BBDFAAF74542A1050E05DD3C436F ft=0 fh=0000000000000000 vn="JS/Kryptik.EY.Gen trojan" ac=I fn="D:\USER-PC\Backup Set 2011-04-10 153355\Backup Files 2011-12-26 165338\Backup files 1.zip"
sh=5ED0E6D36739734246A28BA19F2165A30B446F35 ft=0 fh=0000000000000000 vn="JS/Kryptik.EY.Gen trojan" ac=I fn="D:\USER-PC\Backup Set 2012-01-01 190012\Backup Files 2012-01-01 190012\Backup files 2.zip"
sh=CB15DA8D45BB9A8D7CBF13168A0233E6BE911D69 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DW trojan" ac=I fn="D:\USER-PC\Backup Set 2012-01-01 190012\Backup Files 2012-01-01 190012\Backup files 5.zip"
sh=9EEFFEAE058DA72B3B43C2EC83F74ADF7AE6D4F3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2011-3544.CC trojan" ac=I fn="D:\USER-PC\Backup Set 2012-01-01 190012\Backup Files 2012-01-29 190002\Backup files 3.zip"
sh=C8157E85BD96A42A9FCCC50E239C7A109264DABA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2012-02-12 190002\Backup Files 2012-02-12 190002\Backup files 5.zip"
sh=3FCB872207CFDA382C34D4D440E2F520E693F147 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2012-02-12 190002\Backup Files 2012-03-11 190001\Backup files 4.zip"
sh=49B631CD197B7BAAC095C4D32C941D198115EF39 ft=1 fh=ad1c3e19a29e499d vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\Installer_v3.1.exe"
sh=0A2919F39242F1E7F0B14F42653C5F0205C29E90 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\PESEdit.com_2013_patch_3.1.1.rar"
sh=B5F40D3267C1E5AD65E3845D2A07CA4F53222B73 ft=1 fh=12a6fa50fda6a9a7 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\= pesedit v3.4 =\Installer_v3.4.exe"
sh=2AF573FF18564C6F2C27853C8D5DDB51BCB3BF14 ft=1 fh=5d8e3449a2fa9926 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\= pesedit v3.5 =\Fix_v3.5.1.exe"
sh=D514C3D3871D1AD697C095E2A159A554E1A2432A ft=1 fh=12a6fa50b801d4bc vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\= pesedit v3.5 =\Installer_v3.5.exe"
sh=0A2919F39242F1E7F0B14F42653C5F0205C29E90 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\Borderlands 2 Crack Only Fixed-3DM\PESEdit.com_2013_patch_3.1.1.rar"
sh=AD24D3005AD0E09A7EEF50D28A1DB1807FF81D92 ft=1 fh=093a31f62118aa99 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Users\user\Downloads\PESEdit.com_2013_patch_3.1.1\Installer.exe"

Code:

Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 JavaFX 2.0.2   
 JavaFX 2.0.2 SDK 
 Java 7 Update 21 
 Java(TM) SE Development Kit 7 Update 2
 Adobe Flash Player 11.7.700.202 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Code:

OTL logfile created on: 23.05.2013 12:46:35 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 75,32% Memory free
12,00 Gb Paging File | 10,56 Gb Available in Paging File | 88,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 33,24 Gb Free Space | 13,41% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 137,89 Gb Free Space | 20,17% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.22 21:06:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.22 17:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.22 21:06:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.05.22 12:32:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 21:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.22 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013.05.22 21:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 21:25:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.22 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.22 21:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.22 21:07:05 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.22 21:07:03 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.22 21:07:01 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.22 21:07:01 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.22 21:07:00 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.22 21:06:47 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.22 21:06:47 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.22 21:06:30 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.22 21:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.22 21:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.22 20:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.05.22 20:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.22 18:40:41 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.22 17:59:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 17:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.22 17:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.22 15:33:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics
[2013.05.22 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013.05.22 12:38:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 12:32:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.22 12:20:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 12:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.23 12:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 12:45:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 12:41:30 | 000,890,825 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013.05.23 12:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 12:06:03 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 12:06:03 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 11:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 11:57:11 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 21:07:07 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.22 21:06:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.22 21:00:38 | 000,002,122 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.22 17:19:05 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.05.22 17:14:56 | 000,014,618 | ---- | M] () -- C:\FixitRegBackup.reg
[2013.05.22 13:24:42 | 012,917,756 | ---- | M] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip
[2013.05.22 12:32:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 12:41:29 | 000,890,825 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013.05.22 21:07:07 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.22 21:06:58 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.22 21:06:56 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.22 21:06:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.05.22 17:14:56 | 000,014,618 | ---- | C] () -- C:\FixitRegBackup.reg
[2013.05.22 13:24:37 | 012,917,756 | ---- | C] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip
[2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame
[2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios
[2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
[2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient
[2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RIFT
[2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013.05.23 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
[2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >


aharonov 23.05.2013 12:08

Throw that crack junk in the bin. And old backups are infected; I'd replace them with a current, clean full backup.
But no more active malware.


Step 1

The version of your Adobe PDF Reader is outdated; we need to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (on Windows XP)
    Start --> Control Panel --> Programs and Features (on Vista / Windows 7)
  • Visit this page from Adobe.
  • If necessary, uncheck McAfee Security Scan or Google Chrome.
  • Click Download now and install the latest version.

Then use this plugin check to verify that all the versions you use are now up to date, and update them otherwise.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are still important and should be carried out in the given order.
  1. Now temporarily disable the antivirus program, rename the Combofix.exe on the desktop by changing "Combofix" in the file name to Uninstall, and run it with a double-click.
  2. As for MBAM, I would strongly recommend keeping it and running a quick scan weekly. If you don't want to keep using it, you can now uninstall it normally via the Control Panel.
  3. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can also do that via the Control Panel.
  4. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  5. If anything is still left over, you can simply delete it manually.




>> OK <<
We're done; your logs look clean to me at the moment.

Below I have put together a few notes and tips that should help ensure you won't need our help again in the future.

After that, please give me a brief reply confirming that there are no more problems or open questions on your side, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping the system and software up to date

The Windows operating system absolutely must always be up to date. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

Installed software should also always be at the latest version.
This applies in particular to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly check whether these components are current.
  • Also make sure that old, no longer used versions are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

A remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always up-to-date database. Which product you choose doesn't play such a decisive role. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. But never run two guards in parallel; they would obstruct each other.
  • Enable a firewall. The one built into Windows is normally completely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can permanently lodge itself in the system is reduced.
  • Optional: The add-on WOT (Web of Trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widespread application software is also the most frequently attacked by malware authors. So it can already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons are recommended:
  • NoScript blocks the execution of active content (Java, JavaScript, Flash, ...) for all websites by default. You can decide yourself, on a whitelist basis, which sites you trust and want to allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner currently detects no threat in them, that doesn't have to mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what's inside is really what the label says.

Attempts are also often made to trick the user, with more or less cunning methods, into carrying out an action that is disastrous for him (umbrella term: social engineering).
  • Surf with caution and don't let elements that somehow look interesting tempt you into a hasty click. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly or ask, rather than simply opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also circulate on social networks or via instant messaging systems. If you receive a message from one of your friends that is odd, or sounds so sensationally interesting or scandalous that you simply have to click on it, then curiosity has probably won out over reason on their side, and you shouldn't make the same mistake.
  • Have file extensions shown so you aren't fooled when an executable file is disguised with a double extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also usually installed by the user himself.
  • Always download software directly from the manufacturer as a first priority. Many software portals (e.g. Softonic) bundle useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and uncheck all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with limited rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external media, at least twice for important files. Not only a malware infection can cause painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for the infection to jump to the computer when a correspondingly infected USB stick is plugged in. Consider whether you might not be better off disabling this function.
  • Choose your passwords according to the usual rules to be better armed against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for boosting performance is disputed. In any case, great damage can be done with them if you don't know what you're doing. We therefore recommend keeping your hands off the registry. To delete temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
It only remains for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon. ;)
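The Autorun advice in the post above can be checked against the O7 lines of the OTL log in this thread. As an added example that is not part of the original posts, this Python script parses those lines, decodes the NoDriveTypeAutoRun mask with the bit values Microsoft documents (a set bit disables AutoRun for that drive type; 0xFF disables it everywhere), and emits a .reg snippet for any key that is not fully hardened; the sample input is constructed from the log plus one hypothetical HKLM line.

```python
import re

# Bit values of NoDriveTypeAutoRun, as documented by Microsoft
# (KB 967715, "How to disable the Autorun functionality in Windows").
# A SET bit disables AutoRun for that drive type; a clear bit leaves it enabled.
DRIVE_TYPE_BITS = {
    0x01: "drives of unknown type",
    0x04: "removable drives (USB sticks, floppies)",
    0x08: "fixed drives (internal hard disks)",
    0x10: "network drives",
    0x20: "CD-ROM / DVD drives",
    0x40: "RAM disks",
    0x80: "drives of no known type",
}
DISABLE_ALL = 0xFF  # mask that disables AutoRun on every drive type

# Full hive names a .reg file needs for the abbreviations OTL prints.
HIVE_NAMES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
}

# Constructed sample input: the two O7 lines from the OTL log above, plus a
# hypothetical machine-wide line (not in the log) that is already hardened.
SAMPLE_OTL_LINES = r"""
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
"""

# OTL prints "O7 - <key>: <value name> = <number>" (or "O7:64bit: - ..." on x64);
# the registry key itself never contains a colon.
O7_AUTORUN_RE = re.compile(
    r"^O7(?::64bit:)? - (?P<key>[^:]+): NoDriveTypeAutoRun = (?P<value>\d+)$"
)


def parse_autorun_entries(otl_text):
    """Return [(registry key, value)] for every NoDriveTypeAutoRun line in OTL O7 output."""
    entries = []
    for line in otl_text.splitlines():
        m = O7_AUTORUN_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), int(m.group("value"))))
    return entries


def autorun_enabled_on(value):
    """Drive types on which AutoRun is still ENABLED, i.e. whose bit is clear in the mask."""
    return [desc for bit, desc in DRIVE_TYPE_BITS.items() if not value & bit]


def assess(value):
    """Summarise one NoDriveTypeAutoRun value; 'hardened' means every documented bit is set."""
    return {
        "value": value,
        "hex": f"0x{value:02X}",
        "autorun_enabled_on": autorun_enabled_on(value),
        "hardened": (value & DISABLE_ALL) == DISABLE_ALL,
    }


def hardening_reg(key):
    """Build the .reg text that sets NoDriveTypeAutoRun to 0xFF under the given OTL-style key."""
    hive, _, path = key.partition("\\")
    if hive not in HIVE_NAMES:
        raise ValueError(f"unknown hive abbreviation: {hive}")
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{HIVE_NAMES[hive]}\\{path}]\r\n"
        f'"NoDriveTypeAutoRun"=dword:{DISABLE_ALL:08x}\r\n'
    )


def report(otl_text):
    """One assessment per NoDriveTypeAutoRun line, with a .reg snippet for those not hardened."""
    results = []
    for key, value in parse_autorun_entries(otl_text):
        a = assess(value)
        a["key"] = key
        a["reg_fix"] = None if a["hardened"] else hardening_reg(key)
        results.append(a)
    return results


if __name__ == "__main__":
    for r in report(SAMPLE_OTL_LINES):
        print(f"{r['key']}\n  value {r['value']} ({r['hex']}), hardened: {r['hardened']}")
        for desc in r["autorun_enabled_on"]:
            print(f"  AutoRun still enabled on {desc}")
        if r["reg_fix"]:
            print("  suggested .reg fix:\n" + r["reg_fix"])
```

The value 145 (0x91) seen in the log is the Windows 7 default and leaves AutoRun active for removable, fixed and optical drives, which is exactly the USB-stick scenario the post warns about.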

busa 23.05.2013 12:44

I'll do the last steps now; thank you very much for your help.

aharonov 23.05.2013 14:00

Glad we could help.

If you'd like to give the forum suggestions for improvement, criticism or praise, you can do so here.

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
If you need the topic again, please send me a PM and we'll continue here.

Everyone else, please read this guide and create your own thread.


Copyright ©2000-2026, Trojaner-Board

