Baldoius | 25.03.2013 16:00

Otl.txt

Code:
OTL logfile created on: 25.03.2013 15:40:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,39% Memory free
11,83 Gb Paging File | 9,39 Gb Available in Paging File | 79,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 151,93 Gb Free Space | 63,71% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
Computer Name: ASUS-X73S | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.25 15:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2013.03.25 15:36:19 | 000,600,288 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
PRC - [2013.03.16 18:24:40 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.09 18:31:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.09 18:31:35 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.09 18:31:32 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.03.09 18:31:31 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.03.09 18:31:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.09 18:31:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.09 18:31:29 | 000,046,960 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
PRC - [2013.03.09 16:32:45 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.07 14:00:01 | 000,024,576 | ---- | M] () -- C:\Users\****\Downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe
PRC - [2012.11.19 18:49:58 | 001,161,768 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.06 05:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.16 18:24:40 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.09 16:32:44 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.07 14:00:01 | 000,024,576 | ---- | M] () -- C:\Users\****\Downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe
MOD - [2013.02.15 19:37:56 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2013.02.15 19:37:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.07.11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.10.26 22:24:36 | 000,403,536 | -H-- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2013.03.24 08:27:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 18:31:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.09 18:31:35 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.09 18:31:32 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.09 18:31:31 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.09 18:31:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.09 16:32:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.26 15:09:22 | 001,225,312 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.11.26 15:09:20 | 000,659,040 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.08.18 11:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 19:08:04 | 008,186,368 | ---- | M] () [Disabled | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Disabled | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2012.03.19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.10.06 05:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 05:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.06.07 07:39:36 | 005,395,968 | ---- | M] (hMailServer) [Disabled | Stopped] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.24 09:55:54 | 000,099,720 | ---- | M] (Global Graphics Software Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\DCMessages.exe -- (DCMessages)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.16 01:30:42 | 000,084,536 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004.03.30 16:15:24 | 000,090,183 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PortReporter\portreporter.exe -- (PortReporter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.09 18:31:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.09 18:31:49 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.09 18:31:48 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.03.09 18:31:48 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.12.19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.10 04:09:26 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.01 01:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.09.27 11:36:26 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011.04.13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.13 14:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 23:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.11 07:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006.10.18 01:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012.11.13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.07.26 21:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 89 27 EF D1 20 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "anderes-wort.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ch"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B00F0643E-B367-4779-B45D-7046EBA37A88%7D:13.0.1.9979
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.2.4
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.30
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121231-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@greentube.com/GreenWebPlayer: C:\Games\GreenWebPlayer\npgreenwebplayer.dll (Greentube Internet Entertainment Solutions GmbH)
FF - HKCU\Software\MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.0.0: C:\Users\****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3 [2012.12.10 06:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 16:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.07 15:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\koq680jp.default\extensions\extension@preispilot.com
[2011.08.07 12:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.03.24 09:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions
[2013.03.21 11:59:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.03.24 09:32:14 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.03 05:55:08 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.12.24 11:51:14 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.12.29 08:45:25 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\extension@preispilot.com.xpi
[2012.12.28 20:16:41 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.02.15 18:55:24 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.26 08:01:56 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.07 07:09:42 | 000,698,764 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013.02.25 06:07:03 | 000,002,341 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\searchplugins\anderes-wortde.xml
[2013.02.16 14:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 06:40:10 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\PROGRAM FILES (X86)\STEGANOS PASSWORD MANAGER 2012\SPMPLUGIN3
[2013.03.09 16:32:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.26 06:03:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.26 06:03:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.26 06:03:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.26 06:03:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.26 06:03:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.26 06:03:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: GreenWebPlayer (Enabled) = C:\Games\GreenWebPlayer\npgreenwebplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Advanced SystemCare 6 Opera Plugin (Enabled) = C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: ShiVa3D Plugin (Enabled) = C:\Users\****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.03.25 05:58:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.210 88.84.16.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ackermann-home.ch
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52ACCD0C-CD6E-4B80-B520-286DEEC015E3}: NameServer = 192.168.0.220,192.168.0.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6F69AF-BEC2-436E-AA09-0D9DE562E21B}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: DhcpNameServer = 192.168.0.210 88.84.16.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: NameServer = 192.168.0.220,192.168.0.210
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.24 08:00:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.25 15:39:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.03.25 12:19:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.25 06:04:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.25 05:41:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.25 05:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.25 05:41:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.25 05:41:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.25 05:40:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.25 05:38:42 | 005,044,071 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.03.24 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\KeePass
[2013.03.24 14:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.03.24 12:39:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.exe
[2013.03.23 15:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.20 06:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.20 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.20 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.20 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.20 06:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.20 06:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.20 06:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.03.20 06:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.03.20 06:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.03.13 17:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.03.11 15:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\On s'entraîne
[2013.03.09 10:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.03.09 10:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.03.06 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Clickteam
[2013.03.06 17:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator
[2013.03.05 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Test
[2013.03.05 17:34:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\CodeBlocks
[2013.03.05 17:30:45 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\cppbuch
[2013.03.05 17:20:57 | 000,000,000 | ---D | C] -- C:\codeblocks
[2013.03.05 17:20:53 | 000,000,000 | ---D | C] -- C:\cppbuchincludes
[2013.03.05 17:20:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\cppbuch
[2013.03.05 15:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.05 15:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.02 06:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PortReporter
[2013.02.25 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Thunderbird
[2013.02.24 17:01:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics
========== Files - Modified Within 30 Days ==========
[2013.03.25 15:45:28 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.03.25 15:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.25 15:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.03.25 15:36:20 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.25 15:36:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 06:15:04 | 336,615,642 | ---- | M] () -- C:\Users\****\Desktop\sicherung.reg
[2013.03.25 06:06:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.25 05:58:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.25 05:46:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 05:46:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 05:39:18 | 005,044,071 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.03.25 05:35:36 | 000,012,688 | ---- | M] () -- C:\FixitRegBackup.reg
[2013.03.24 17:20:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.03.24 17:20:27 | 681,333,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.24 17:20:25 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 14:01:44 | 000,001,111 | ---- | M] () -- C:\Users\****\Desktop\KeePass 2.lnk
[2013.03.24 12:48:45 | 000,377,856 | ---- | M] () -- C:\Users\****\Desktop\v7u9njc9.exe
[2013.03.24 12:47:33 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.03.24 12:47:06 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2013.03.24 12:39:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.exe
[2013.03.23 15:05:02 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.22 16:46:46 | 000,668,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.22 16:46:45 | 001,672,432 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.22 16:46:45 | 000,723,122 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.22 16:46:45 | 000,156,670 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.22 16:46:45 | 000,129,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 12:54:23 | 000,006,431 | ---- | M] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.03.14 06:39:16 | 000,031,995 | ---- | M] () -- C:\Users\****\Documents\vorspann5.xcf
[2013.03.13 17:28:58 | 000,001,013 | ---- | M] () -- C:\Users\****\Desktop\Audacity.lnk
[2013.03.13 17:25:43 | 000,016,384 | ---- | M] () -- C:\Users\****\Documents\Resultate.v12
[2013.03.11 17:42:22 | 000,001,241 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2013.03.09 18:32:22 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2013.03.09 18:31:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.09 18:31:49 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.09 18:31:48 | 000,141,376 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.03.09 18:31:48 | 000,114,608 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.03.05 17:23:51 | 000,001,797 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.03.05 17:21:47 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\codeblocks.lnk
[2013.03.03 15:29:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013.03.03 05:54:29 | 000,000,477 | ---- | M] () -- C:\Users\****\Desktop\mysql_start.bat
[2013.03.03 05:54:12 | 000,000,432 | ---- | M] () -- C:\Users\****\Desktop\apache_start.bat
[2013.02.27 06:41:31 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.27 06:41:31 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
========== Files Created - No Company Name ==========
[2013.03.25 06:14:27 | 336,615,642 | ---- | C] () -- C:\Users\****\Desktop\sicherung.reg
[2013.03.25 05:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.25 05:41:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.25 05:41:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.25 05:41:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.25 05:41:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.25 05:35:35 | 000,012,688 | ---- | C] () -- C:\FixitRegBackup.reg
[2013.03.24 17:20:27 | 681,333,796 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.24 14:01:44 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.03.24 14:01:44 | 000,001,111 | ---- | C] () -- C:\Users\****\Desktop\KeePass 2.lnk
[2013.03.24 12:48:45 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\v7u9njc9.exe
[2013.03.24 12:47:33 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.03.24 12:47:06 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2013.03.23 15:05:02 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.14 12:54:23 | 000,006,431 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.03.14 06:39:16 | 000,031,995 | ---- | C] () -- C:\Users\****\Documents\vorspann5.xcf
[2013.03.13 17:28:58 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.03.13 17:28:58 | 000,001,013 | ---- | C] () -- C:\Users\****\Desktop\Audacity.lnk
[2013.03.13 17:01:19 | 000,016,384 | ---- | C] () -- C:\Users\****\Documents\Resultate.v12
[2013.03.11 17:42:22 | 000,001,241 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2013.03.05 17:21:47 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\codeblocks.lnk
[2013.03.03 15:29:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013.03.03 05:53:52 | 000,000,477 | ---- | C] () -- C:\Users\****\Desktop\mysql_start.bat
[2013.03.03 05:53:52 | 000,000,432 | ---- | C] () -- C:\Users\****\Desktop\apache_start.bat
[2013.02.27 06:41:31 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.27 06:41:31 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.26 16:12:01 | 000,668,057 | ---- | C] () -- C:\Users\****\wartung.xcf
[2012.12.18 06:45:48 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.12.16 18:17:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.12.11 19:36:02 | 000,000,678 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2012.11.15 12:55:36 | 000,116,380 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe
[2012.11.03 08:01:40 | 000,246,028 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.10.30 17:26:23 | 000,456,192 | ---- | C] () -- C:\Windows\SetACL.exe
[2012.10.23 18:13:00 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012.09.25 11:21:40 | 000,000,045 | ---- | C] () -- C:\Users\****\.edu.xtec.properties
[2012.09.23 06:51:23 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.20 03:50:16 | 000,089,069 | ---- | C] () -- C:\Users\****\test.png
[2012.08.29 03:54:41 | 000,000,048 | ---- | C] () -- C:\Users\****\.jupload.properties
[2012.07.06 15:41:01 | 000,015,760 | ---- | C] () -- C:\Windows\SysWow64\DCMessagesPS.dll
[2012.07.06 15:41:01 | 000,000,737 | ---- | C] () -- C:\Windows\SysWow64\oemsetup.ini
[2012.04.17 17:34:00 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.17 07:01:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.12.17 07:01:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.12.17 07:01:00 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.06 10:16:39 | 000,000,880 | ---- | C] () -- C:\Users\****\.recently-used.xbel.fss
[2011.09.30 16:06:06 | 001,650,326 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.27 11:32:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2011.08.21 09:06:18 | 000,000,680 | RHS- | C] () -- C:\Users\****\ntuser.pol
[2011.08.19 16:40:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 15:57:37 | 000,007,670 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2011.08.17 13:56:59 | 000,000,128 | ---- | C] () -- C:\Users\****\Alle.fss
[2011.08.07 18:52:59 | 000,000,168 | ---- | C] () -- C:\Windows\5Freunde.ini
[2011.08.07 11:19:57 | 000,012,288 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.22 11:41:40 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.06.22 11:41:37 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.06.22 11:41:37 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.06.22 11:35:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.04.20 09:18:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.03.09 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.10.28 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\aicon
[2013.01.15 17:42:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AltiumDesignerSummer09
[2011.09.22 15:35:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Anvil Studio
[2011.12.09 05:35:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2012.09.08 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ashampoo
[2011.11.04 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASUS WebStorage
[2013.03.14 17:01:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2012.03.06 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Autodesk
[2012.02.07 17:25:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Blender Foundation
[2011.10.05 17:47:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2013.03.06 17:44:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Clickteam
[2012.01.04 12:45:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\concept design
[2013.03.24 09:16:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DesktopIconForAmazon
[2013.01.15 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dev-Cpp
[2012.07.01 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.05.08 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\engadven
[2011.12.12 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EurekaLog
[2012.08.25 06:09:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.07.01 07:32:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Firefly Studios
[2012.08.25 06:01:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FlashFXP
[2011.12.18 10:01:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Franzis
[2012.12.09 16:20:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Free MP3 WMA OGG Converter
[2011.09.22 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2011.10.16 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GlarySoft
[2012.07.06 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Global Graphics
[2012.04.16 08:00:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2012.12.11 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Home Sweet Home Christmas
[2013.01.24 06:28:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile
[2013.01.24 06:22:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM
[2012.12.24 06:22:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IObit
[2011.08.08 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iPodder
[2011.09.03 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView
[2013.03.24 14:14:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KeePass
[2011.08.11 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2013.02.07 08:03:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lindy
[2012.01.08 14:09:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX
[2011.12.18 08:58:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World
[2013.02.09 17:19:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.09.17 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nuance
[2012.12.18 06:45:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OCS
[2013.02.09 07:20:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2012.12.18 06:45:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012.07.01 15:26:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Philipp Winterberg
[2011.09.18 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst
[2012.09.26 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDISC
[2012.08.08 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2011.09.24 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\RavensburgerTipToi
[2011.08.17 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2012.06.02 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011.12.12 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Softplicity
[2012.01.06 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Software Informer
[2011.10.29 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Solveig Multimedia
[2012.12.10 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Steganos
[2012.07.05 05:41:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\StoneTrip
[2012.12.12 18:23:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\StreamTorrent
[2012.09.18 18:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.03 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\temp
[2011.08.07 12:24:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.09.09 16:59:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.09.09 16:57:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ts3overlay
[2013.01.03 16:35:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wargaming.net
[2012.08.28 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Webocton - Scriptly
[2011.09.20 17:00:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wildlife Park 2
[2011.09.21 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2011.08.08 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zeon
========== Purity Check ==========
< End of report >

extras.txt Code:
OTL Extras logfile created on: 25.03.2013 15:40:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
5,91 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,39% Memory free
11,83 Gb Paging File | 9,39 Gb Available in Paging File | 79,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 151,93 Gb Free Space | 63,71% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
Computer Name: ASUS-X73S | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C52BD39-CE83-4D08-A0E1-4D7DD3B5C055}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1354FFD8-C43B-4C4A-A176-A496BB82AC57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{18C59779-E34C-4A0B-B1C2-E9F74C4C3E01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B1B4F22-73CB-41A6-A130-F9E1030CD0E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27C3C985-D678-42C3-A3D4-9FCDEBCAEF95}" = rport=137 | protocol=17 | dir=out | app=system |
"{3766F919-9C65-4A71-B009-B6ABA23013FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44DDB1F6-C98E-40A3-8ADA-38D8B42CE7E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{52AD3C9B-FF9A-4CB6-AE61-BF7D4F34218E}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E316A5E-FE5F-4ECF-BBD8-8CE56D188F1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5ED0E8E5-1CF3-42DE-94F0-A0EE25EFC5A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609CB0BC-AE3E-4427-A317-1E9EA53D47E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{66FDBFCC-BF9D-4F47-A401-265D032F6D78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6D8D8A91-F7F5-4ADF-8488-304D195EC39A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78E66EB0-B4CE-49EA-B158-52EABC84B842}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D4A9835-E85F-4359-8285-A205313C8097}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{8C8898D9-8936-4C85-9287-33BF732EC53C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EF19B17-7BEA-4B1D-B771-C6598E9E8583}" = rport=445 | protocol=6 | dir=out | app=system |
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{B68832B1-FB7C-4F51-8F3F-C2226EA8CDAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6DF1D72-D79C-474C-8590-99A11E372B3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4C7BBE5-D323-40B4-8C4F-D09E960E66CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E40810E3-B466-49CC-862C-262C2A9DFD86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E88157B5-66E2-4965-BEDB-9E78D1AC8F1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA828933-6992-41F6-B3AC-8AFD775F8D90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCE9A7E1-49D9-457D-B41E-80558B7FF46F}" = lport=139 | protocol=6 | dir=in | app=system |
"{FCF0F2AF-6B8D-488D-BD55-2F98AE5444B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD31D710-03EE-45A2-940D-055F9F2123BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA9C06-CF22-4DBE-953A-95133ECF98F0}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{044B7A42-6B69-46C0-AA7E-FC2FBF63393F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0633A6BC-3D34-48D4-AED0-76FAFD1042C3}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{07D57583-FD04-4433-82A9-6A935B0E0128}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe |
"{09B8E06B-44E6-4AC6-B2EA-587E65C7B3D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0A2E5E47-A0A7-43B5-8A11-56E623F213F3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{0B07B5A9-2A0E-462B-9FA7-A78CA3CF1E63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C4B143D-03B9-4A0A-AD17-C7AB9388919C}" = protocol=6 | dir=out | app=system |
"{0D0BD425-AB0C-4B2D-A3CD-0E56368E653A}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{113FBE06-F6BB-48E1-B16A-F7157918D3B6}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{11EA12D6-461A-4C69-91E7-8E5385E9DA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19320639-2E27-497F-922D-801F85D35718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23618935-C3FE-4204-90D9-F76A3A557702}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{24DCBDAA-02F1-4A96-8E92-19D974D736DE}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{29544FC4-5240-4D7B-BADF-8C3F5A24F25C}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{2DDA6028-9F3B-4686-84A0-6596A0AF6F7D}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{2F9A62DF-8173-4368-9350-EE240E1766AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{391CD310-DCC5-4F42-B7C9-04A62BF4FA5A}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{3B4B1419-745D-4CC1-9BC2-67D07775D97A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4008E305-D35A-49DA-80BF-29B31EA269BC}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe |
"{48EF5628-BBEA-4D8B-8513-C5465FCF35EF}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe |
"{50BCBB85-98A6-42A7-9783-1FD39CA804FF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{52E974FB-A34C-4495-B131-3E13655FA94A}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{54821D7A-C83E-42D7-BCA6-C1CAC5B55786}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{54DC93AA-A8AE-4E55-9FC5-7E608B310DFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56B5F0C7-6A62-4FFE-B96F-41ABEF55F736}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{597D78C0-C6FC-424F-8C5E-0F560CA39ABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AC853EB-A017-45D3-BB13-7FD54DF1D645}" = protocol=6 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe |
"{5E57F353-21EB-455C-A330-69C0F6CB9BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68A54052-58F3-40DC-89BD-75EC11C20645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69765F74-F265-4982-AC0B-8BCBCC2F7741}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{698AB5BD-DA21-462D-BF68-89EA467151C9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{69FE9373-6926-4C75-AB31-28D172855BF7}" = protocol=6 | dir=in | app=c:\users\********\appdata\roaming\icqm\icq.exe |
"{7363D4E7-8334-4271-8B15-27E787C741FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7455DC69-B15F-4FF0-BA58-6AE442DE914E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74ADA3B2-3F69-4F25-B62E-9320F6B33043}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe |
"{78DA1E8B-1D91-4BD9-AE81-EF76B01E1EB3}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8648F8DE-448A-4024-8485-C1488757A09F}" = protocol=17 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe |
"{88BB7955-427F-47A8-9DFC-AC010E90F957}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{89CEE6C7-E8DB-4605-A0DC-C221147C6129}" = protocol=17 | dir=in | app=c:\users\********\appdata\roaming\icqm\icq.exe |
"{926FBB88-EDC2-4BB0-BBA6-1F193BD98FDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{961503CE-8363-4ADC-B927-84809DB68888}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A192F7B-8F00-4173-B82E-9B1510A741CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{AE08495F-9BC9-4B87-A430-2C2B1A5CC920}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B01B7767-875B-41AB-9F23-037B6AEAC681}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{B43E4EC5-73E7-42E8-9781-61F0E689DA84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6B7785D-BDEE-42AD-B451-A0F99A12D8B6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B88223CC-E2BC-4C87-A315-06940EC6FF74}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe |
"{BAE61A5C-7F5B-4135-9D3A-C4F8785A39E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BAF6A631-C1CE-4464-BE80-55E1ABF9788B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCB49AC7-3DAD-4D66-837F-419FA363C275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C36A71F9-4DCE-4525-829A-B61A910CE7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{C84B4ACE-6368-4F85-AF61-914E128520A4}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{CC625164-A0DD-486E-AC97-020C9885E401}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D2213CFA-DA17-4ABF-9B58-51CF263EF9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{D37E3E91-26A7-4897-9492-71702FE4BA10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D410DF20-0A49-448D-93CB-E01C2E2A9E7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8A6F2CB-69C6-466C-8560-5E3B63CA2847}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{D8F961C4-10FB-4E73-8825-FEA920F256E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D90718F1-BE66-4033-8D89-B74132BC3858}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D97B7A45-A9B4-4ABB-B803-55A39E15A329}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{DB8959CD-1902-4FF3-BC1C-96D6EF5EAECD}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe |
"{E2B7FC12-33CD-4211-BC11-4C67CAD08B43}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{E889D922-5D92-4B39-878F-A62A024EC8D9}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{EC3B4687-10CC-418C-ACDD-5AF791194969}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{F0C898BA-3110-49DE-97B3-B1B8475BD7B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0D051C03-653A-4AEA-BCAB-416367A51692}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{4A34CBB2-428F-4F4B-AFC4-69D9BA3C59AC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{0C654612-BD51-4BD7-B2A8-384217075949}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{656571D9-2889-4719-ACD9-07E9E4A2FD60}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{91CAD9F2-9826-4585-87E6-5E3CA0A6CADF}" = SmartFTP Client German (Germany) MUI
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A5D535DC-C407-414F-B212-2DB432C741EB}" = SmartFTP Client
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"GIMP-2_is1" = GIMP 2.8.0
"HMIWorks Standard Edition_is1" = HMIWorks Standard v2.05 Update 10 (for TouchPAD series)
"Loksim3D_is1" = Loksim3D
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.1.0-git-20121231-0404
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A3701BF-11E1-467D-AB26-43B03F34FF7A}" = MAGIX Speed burnR (MSI)
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5C26044C-4264-4E8A-AD7F-4685CBFE7EAB}" = gDoc Installer
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{825DCEAE-BCCE-4699-84FD-F8C23008240B}" = Altium Designer - Board Level Libraries
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8492053E-1FD0-4657-8CB0-52D0C7F3F476}" = gDoc Installer
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF3C220-0401-4945-A46F-63AFE6F4C114}" = Altium Designer Summer 09
"{A23CE7C7-29B6-444C-8D9D-EA6F4097A1C7}" = MAGIX Screenshare
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4F932E5-0072-498A-8766-423035842D2D}" = Vision Runtime Dependencies
"{C61EB330-EE5C-11D5-99DD-0050DA44D4BE}" = Kommissar Kugelblitz 3
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D5E3232E-BE61-45FA-96BB-700349EFF048}" = RippMe
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E46C4D1B-39D0-4A9F-0001-6529DDC11226}" = CDRWIN 9 Basic
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EABCE84D-314C-4D47-8B8D-2743B45A4686}" = gDoc
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED40EDB-B279-42EB-8D42-7E3D521F6E67}" = MySQL Server 5.5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6367FD3-B168-4BBC-AF25-2359CEF69C43}" = MAGIX Video easy 3 HD Download-Version
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D}" = MySQL Server 5.5
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"Abloadtool" = Abloadtool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Internet Security
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CloneCD" = CloneCD
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"Debut" = Debut Video Capture Software
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Earth Screensaver HD" = Earth Screensaver HD
"FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"File-Upload.net" = File-Upload.net
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"ftp-uploader" = ftp-uploader
"Fünf Freunde auf Schatzsuche" = Fünf Freunde auf Schatzsuche
"Game Cam" = Game Cam 2.6.1.0
"GDC" = GDC 0.24.svn.r229
"GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"giants_editor_5.0.1_is1" = GIANTS Editor 5.0.1
"Google Chrome" = Google Chrome
"GXTranscoder v2" = GXTranscoder v2
"hMailServer_is1" = hMailServer 5.3.3-B1879
"Home Sweet Home - Christmas Edition_is1" = Home Sweet Home - Christmas Edition
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"Inno Setup 5_is1" = Inno Setup Version 5.5.2
"Install Creator" = Install Creator
"InstallForge" = InstallForge
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Juice" = Juice 2.2
"jZip" = jZip
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"MAGIX_MSI_Video_easy_3" = MAGIX Video easy 3 HD Download-Version
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Max und die Geheimformel" = Max und die Geheimformel
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Notepad++" = Notepad++
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"OpenTTD" = OpenTTD 1.2.3
"Picasa 3" = Picasa 3
"PicGrab_is1" = PicGrab 2.8.0
"Pic-Upload.de" = Pic-Upload.de
"Ravensburger tiptoi" = Ravensburger tiptoi
"Santa Claus 3D Screensaver_is1" = Santa Claus 3D Screensaver 1.1
"Schriftenbibliothek_is1" = Schriftenbibliothek
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Shockwave" = Shockwave
"SkiRegionSimulator2012DE_is1" = Skiregion Simulator 2012
"SmartFTP Client 4.1 (x64) Setup Files" = SmartFTP Client Setup Files 4.1 (x64) (remove only)
"Sparfuchs_is1" = Sparfuchs
"ST6UNST #1" = Der Restaurant-Manager 1.5 Vollversion.de Edition
"Steinbruch-Simulator 2012 Patch 1.10_is1" = Steinbruch-Simulator 2012 Patch 1.10
"Steinbruch-Simulator 2012_is1" = Steinbruch-Simulator 2012
"SuperTux_is1" = SuperTux 0.1.3
"TKKG10" = TKKG10
"TmNationsForever_is1" = TmNationsForever
"Two Worlds Pinball" = Two Worlds Pinball
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"xampp" = XAMPP 1.8.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Extreme Tux Racer" = Extreme Tux Racer
"gwp-DEFAULT" = GreenWebPlayer
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)
"sc13-CH_MAIN" = Ski Challenge 13 (CH)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.03.2013 05:26:11 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
Error - 24.03.2013 05:26:12 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.03.2013 05:26:12 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
Error - 24.03.2013 05:26:12 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
Error - 24.03.2013 07:10:23 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: xampp-control.exe, Version: 3.1.0.0,
Zeitstempel: 0x505b977e Name des fehlerhaften Moduls: xampp-control.exe, Version:
3.1.0.0, Zeitstempel: 0x505b977e Ausnahmecode: 0xc0000005 Fehleroffset: 0x001abefe
ID
des fehlerhaften Prozesses: 0x1034 Startzeit der fehlerhaften Anwendung: 0x01ce288029553b0a
Pfad
der fehlerhaften Anwendung: C:\xampp\xampp-control.exe Pfad des fehlerhaften Moduls:
C:\xampp\xampp-control.exe Berichtskennung: 6b8d140c-9473-11e2-bdf6-cf3962170feb
Error - 24.03.2013 07:58:35 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v7u9njc9.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Name des fehlerhaften Moduls: v7u9njc9.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0008c830 ID des fehlerhaften
Prozesses: 0x1790 Startzeit der fehlerhaften Anwendung: 0x01ce2885c2be4827 Pfad der
fehlerhaften Anwendung: C:\Users\********\Desktop\v7u9njc9.exe Pfad des fehlerhaften
Moduls: C:\Users\********\Desktop\v7u9njc9.exe Berichtskennung: 275556ea-947a-11e2-bdf6-cf3962170feb
Error - 24.03.2013 09:29:54 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.03.2013 09:29:54 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 24.03.2013 09:29:54 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 24.03.2013 12:31:47 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LiveUpdt.exe, Version: 2.0.0.0, Zeitstempel:
0x4a6d7c8e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0xa68 Startzeit der fehlerhaften Anwendung: 0x01ce28ad118ec05b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 51d5cc88-94a0-11e2-b01e-c951fea6fe6d
[ System Events ]
Error - 25.03.2013 01:20:51 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 01:30:51 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 01:40:51 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 07:17:11 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 25.03.2013 07:21:57 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 07:31:57 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 07:41:57 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 07:51:57 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 10:39:14 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
Error - 25.03.2013 10:49:14 | Computer Name = ASUS-X73S.ackermann-home.ch | Source = DCOM | ID = 10016
Description =
< End of report >