Trojaner-Board - Laptop CPU Auslastung bie Start schon 100%

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Laptop CPU Auslastung bie Start schon 100% (https://www.trojaner-board.de/134237-laptop-cpu-auslastung-bie-start-schon-100-a.html)

Laptop CPU Auslastung bie Start schon 100%

Guten Tag liebe leute!
Schreibe zum Ersten mal hier im Forum und hoffe bin hier richtig.
Also hab mir vorgenommen den Lappi von meiner Freundin mal bissl schneller zu machen weil sie immer drüber klagt wie sehr doch alles hängt.
So nun hab ich gesehen das die CPU auslastung schon beim start 80- 100% ist.
Sie hat den Lappi von ihrem Stiefpapa und was der damit gemacht hat weiß ich net^^
hab versucht mit Avira zu schauen ob was an Schädlingen drauf ist aber der findet nix.
Hab CCleaner drüber laufen lassen und paar GB belöscht aber auch das hat nicht geholfen.

Nun hab ich dieses ESET was hier im Forum immer wieder auftaucht drüber laufen lassen aber das ist schon ne halbe stunde dran und braucht auch denke noch mindestens 1 stunde.

Würde ja auch gern Alles runter hauen und Windows neu drauf ziehen aber auch das ist keine Option da ich davon keine CD/DVD hab und der bei der letzten Virus Attacke schon den Code nicht angenommen hat der unten auf dem Laptop steht(wieso auch immer er den haben wollte).

Hoffe ihr habt alles verstanden und könnt bissl helfen
MFG TheDragon

Hi,

poste dann das Ergebnis vom ESET-Scan, sobald er fertig ist. Und zusätzlich:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=03bb8ff539302d4c878a7fa653fddf14

# engine=13715

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-04-28 10:36:44

# local_time=2013-04-29 12:36:44 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1799 16775165 100 99 41352 232611894 34064 0

# compatibility_mode=3588 16777213 100 96 55425938 116262939 0 0

# compatibility_mode=5893 16776574 100 85 119627347 119627347 0 0

# scanned=222198

# found=2

# cleaned=0

# scan_time=17627

sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\qijsslxkrbtjtau\main.html"

sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\qijsslxkrbtjtau\main.html"

Ok, wenn ich über den Rechner drüberschauen soll, dann mach und poste bitte noch die Gmer- und OTL-Logs (wie in oben verlinkter Anleitung beschrieben).

So also hier schonmal die log files von OTL^^ hoffe ist so richtig^^

Code:

OTL Extras logfile created on: 29.04.2013 17:47:43 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free

5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS

Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JULIA | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08654EFC-46D2-4C7E-8516-CBEC8F76F8D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{11DD7A5B-9ECE-4269-A6EC-C84D60C430EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{14CC44CF-1814-4958-8912-8330D4E7512F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{17BB42EB-08EE-461F-8CB1-C00F2B5428D1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{1E692585-2289-4B9D-A7F7-F25A476E36B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{244826D4-2539-48CF-9127-90D678720DC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{245819C8-95E9-442E-8238-68D8706BE827}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{25201575-ACFF-4E17-B434-B224C01AC8BE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{26CDC7F8-C596-463C-AFF6-BF8C98BB5CE5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{27A0B88B-8FBA-464A-98FC-50CE7E9C43C1}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{2B42F44B-8F4F-43DC-B3F8-B69C70831BD1}" = lport=56146 | protocol=17 | dir=in | name=pando media booster | 

"{2E3F8C69-A9BC-4729-8E2D-20FFB2B3C810}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2EFAC057-D9A6-42DF-9935-6D882A41B446}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{3960544B-11D7-4649-A843-C47BB3C4F6EF}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{3B37398C-220F-4F67-BEE0-45315AA1F304}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3C55CB81-366D-4957-8101-111F6795F10E}" = lport=56146 | protocol=6 | dir=in | name=pando media booster | 

"{4076C664-17BD-4ACE-AC53-48ECDFD8F43E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{4919EB46-C9D9-40A7-A404-4BDFC3A98F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6DA6348B-DBCE-459E-A250-8CAC582239B2}" = lport=56146 | protocol=17 | dir=in | name=pando media booster | 

"{74E4FD2D-924D-479A-A2FE-65104983704A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7BA7B517-2784-4A01-897E-B23ECEB9E489}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8328CD22-6AC2-4224-989B-2955C27ED807}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{9BF01D92-EA84-4ED0-BD56-E5D7CFDEA257}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{BCF982F3-168F-48A7-B8B2-45C2F488E540}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C38A7B74-26F6-4F04-A8F8-DEAB4FF87043}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{D29E965B-D55F-42FA-A13B-9EA6BC567CD0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{D61CD1CB-79B5-4D5A-A773-B676BE57AEEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D95B8AFD-2716-4081-B017-01BD33740E54}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{F042C6D3-CE6B-4BAA-ABBE-FE5F5FB76FF9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{F1F842F3-E112-4AC2-B001-406C4E61C270}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{FBEDFB4E-1D81-4963-A548-A0D13EECC9C5}" = lport=56146 | protocol=6 | dir=in | name=pando media booster | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02EB7D70-CB18-45D9-8F7B-2B04F36EEE4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{0983506B-E96F-40F7-AEA6-2572DBB6B1BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{0AF33586-4A72-4829-9698-4F5CD1561072}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{0B7F9B07-2594-46B0-9FAE-241CBE44CD78}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 

"{0DC9917C-7EE7-4870-818C-AB72F8D67785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{10C5A32D-332C-49F5-8696-1772DB219F67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{145147C7-F7D9-4B4E-84A6-FA13686DC8CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1D304778-FED4-41AA-8572-648689D167BC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{1FACE77A-7DD6-4E84-A8F9-BA7808A73669}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{2940E372-AAF8-4DAC-87C9-71537559387D}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 

"{29B36FAB-3049-4407-B373-268A7F2B05C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{31FC7D30-CD46-4855-89D5-0F9B5DEE11E1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 

"{3D2AE433-A82E-4798-97F1-4B414569365A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{42C754CE-D0F1-4AB7-8567-E8A35D7E6F6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{46551134-08DA-4F72-9923-2F283A9D7047}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 

"{4F5CF4EE-A45F-4F3A-B4BB-6E782BB09FBA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 

"{57997001-ACC7-4DCD-B52F-45A2A6E14A6B}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 

"{67DF9DDC-34F4-4D54-AE41-656E6908A64F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{6F2D788A-FA0A-4638-B98C-5EFB3F04C3C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{75D3E1ED-F0DC-47D1-B964-91B8AA57AF4E}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 

"{76C783FD-E128-4813-B5E9-F0D4ECE3D44E}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 

"{803EB001-F3F1-418C-9E1E-08DF306EC221}" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.2.0-dede-downloader.exe | 

"{8A9DD836-232F-4FA3-ABDA-505B1FBFF51C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 

"{96361FF8-BE43-418D-9816-A2A5BD123E0C}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 

"{9932F96B-AE10-4172-81E4-DD159A83267D}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 

"{AF62976E-04AC-4754-B165-F9ADE49F7038}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 

"{B00252FA-DFAD-4664-B49D-25460B0AD532}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 

"{B6591B29-2080-4203-AE77-6DB7F0C210DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{C98D76A3-20B3-4BD7-9565-76CE76BDF095}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{D4E08671-7822-45FE-95F8-22A80710A548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D9030FCB-998C-4856-8F61-DE7D0ED38A0B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{DC28CD57-D724-4152-8C8F-E8D67D969F27}" = protocol=6 | dir=out | app=system | 

"{E0B15398-906E-4B55-8598-4222EF3C8A8D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 

"{EDD2E25D-7504-4D7F-A499-095AF179BC8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F140104D-7EB4-4C2E-9706-D5A22CCE1137}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{F3EB9915-821B-4A36-8C6C-F1C036BC55EB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{FF36D5AD-DC41-4543-AEBE-0304E3E96D14}" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.2.0-dede-downloader.exe | 

"TCP Query User{1F751E3E-FD2F-4084-91B6-567EFA2267D4}C:\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe | 

"TCP Query User{235647C8-5FDB-4E7C-AE48-857C9A8E62CA}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 

"TCP Query User{28FC8C5F-1E67-4047-859E-4FA418A4EE02}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 

"TCP Query User{2D96F0DD-132B-463F-9128-8D96D5AFC064}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 

"TCP Query User{33E65000-08B3-4C07-AF99-F1D27BC00DE3}C:\users\gast\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | 

"TCP Query User{437B0D32-6233-498D-A6CB-C5619EBBE5BB}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 

"TCP Query User{4F6A8E47-CB0C-46ED-A33D-C811B7AC06FB}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 

"TCP Query User{52EE82B5-06ED-447E-8520-FD9D82DDCB8E}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 

"TCP Query User{53B0FECA-5F72-464C-B688-B1072EB3CD9E}F:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | 

"TCP Query User{55D6EEFA-7362-4539-BC56-743B9248775D}F:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 

"TCP Query User{6E325B3B-4518-4506-A1A8-CD9EF9C735BD}F:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 

"TCP Query User{89E24BA8-DA63-4F2E-BAA3-9352C730E1A6}F:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 

"TCP Query User{8F792D6F-067F-4B45-B78F-CB111B4E7FD8}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 

"TCP Query User{B4FCDBDE-3050-464C-958E-5EA5EDE9B2C1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{BBCBB806-2DD0-40AB-BDBA-3C11F4C3D06A}F:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=f:\world of warcraft\repair.exe | 

"TCP Query User{C2BEF8A5-E864-40AE-994A-1054A7AC9643}C:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 

"TCP Query User{D85AA258-2F53-4C8A-9758-8E833CD67CF2}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 

"TCP Query User{F5840FFA-0572-43D6-95BD-F97A1CE2A16E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 

"TCP Query User{F5B98561-B81A-49FB-ADFF-ECE22BA1367F}C:\users\gast\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | 

"UDP Query User{17BB8C5D-FC5C-4EA5-9364-07C546E7DCC9}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 

"UDP Query User{2881D1F4-ACE2-48BC-8D0D-48276D89C547}F:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 

"UDP Query User{34707DF4-359F-4F21-A959-1F7872ABBDB3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{3EB5BF72-9656-4F95-9766-284DA173D8E1}F:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | 

"UDP Query User{43DAC4C6-D45C-470B-B218-F6F13B991424}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 

"UDP Query User{5392B246-14AF-49F5-B405-0E374D03C5C5}C:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 

"UDP Query User{53D46A22-EF38-4D0D-9D84-83DB6F3B6563}F:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=f:\world of warcraft\repair.exe | 

"UDP Query User{5FA6110E-C3D8-47AC-8231-3BFE28527AC7}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 

"UDP Query User{60CBB0A1-0CF8-42B1-8C5B-F95AE7B4C3BD}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 

"UDP Query User{68891A2D-66BB-4695-8413-887D48796BC3}C:\users\gast\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | 

"UDP Query User{78BE329F-CC3A-4463-A3E8-2084384F3B01}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 

"UDP Query User{7D29ED84-6191-41BE-B35F-E39BE58DE8AA}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 

"UDP Query User{B10A09FE-0229-4100-8E67-3C2883BEF70A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 

"UDP Query User{BDB99255-234D-4D5A-9BBD-29E9DC4AD4A5}C:\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe | 

"UDP Query User{CF027B4E-CE02-4409-BD5D-CDE848F9F17E}F:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 

"UDP Query User{D5CEF04D-BF87-4D0F-9C18-EDCC25D3281A}F:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 

"UDP Query User{EFAEC3CD-1DA4-41B5-ABE4-18ADB9DDEF9B}C:\users\gast\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | 

"UDP Query User{F27C80AD-8472-4DAA-84CB-2E5F43B34713}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | 

"UDP Query User{FBC63886-CA0A-4430-8A63-3A23493DD982}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = Spellforce 2 - Shadow Wars

"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely

"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22984187-6C4C-4871-8A72-ABBF24F3ADF8}" = Requiem

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33

"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility

"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition

"{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}" = SpellForce 2 Shadow Wars

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.4.0.20

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{38FC2AF7-9140-409F-8F85-0375B3ED6641}" = FooBillard++

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish

"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite

"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian

"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common

"{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0

"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate

"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East

"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light

"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French

"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{777C64A3-5909-4DBC-B917-F5AD8DFB9B09}" = COMPUTERBILD Alles-Öffner

"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch

"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian

"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese

"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai

"{8842825B-C865-40D3-89FD-A48A942195B4}" = Wireless LAN Driver

"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PRJPROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PRJPROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PRJPROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007

"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPROR_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007

"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{91244C78-951F-457C-B7E5-1447A3F79238}_is1" = ANSTOSS 4 Edition 03-04 1.7

"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish

"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor

"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy

"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German

"{A70ABAD3-7887-4F7F-9DA3-80363E70FDC2}" = Buhl  Buero komplett

"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins

"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney

"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full

"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish

"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech

"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{D1D02D9E-46BB-484D-B051-27D72C85F75B}" = COMPUTERBILD Alles-Öffner

"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution

"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static

"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing

"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC

"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard

"{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Festplattenmanager 2007

"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean

"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"Adobe Shockwave Player" = Adobe Shockwave Player

"Akamai" = Akamai NetSession Interface

"ANNO1602" = Anno 1602

"Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira Free Antivirus

"Cave Quest" = Cave Quest

"CCleaner" = CCleaner (remove only)

"Die Jade-Münze" = Die Jade-Münze

"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis

"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER

"EdenEternal-DE" = EdenEternal-DE

"ESET Online Scanner" = ESET Online Scanner v3

"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)

"KnightsAndMerchants" = KnightsAndMerchants

"Land der Magie" = Land der Magie

"Metin2_is1" = Metin2

"Moorhuhn Piraten" = Moorhuhn Piraten

"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages

"Motherboard Monitor 5_is1" = Motherboard Monitor 5

"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia PC Suite" = Nokia PC Suite

"PokerStars" = PokerStars

"PokerStars.net" = PokerStars.net

"PRJPROR" = Microsoft Office Project Professional 2007 Trial

"RealPlayer 12.0" = RealPlayer

"Retter in der Not" = Retter in der Not

"Ritter Arthur" = Ritter Arthur

"RollerCoaster Tycoon Setup" = Roll

"S4Uninst" = Die Siedler IV

"Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls

"Sheep" = Sheep

"Soul Reaver 2" = Soul Reaver 2

"UT2003" = Unreal Tournament 2003

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 2.0.0

"WinRAR archiver" = WinRAR

"WinZip" = WinZip

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"WinSetupFromUSB" = WinSetupFromUSB

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 24.04.2013 18:36:22 | Computer Name = Julia | Source = EventSystem | ID = 4621

Description = 

 

Error - 25.04.2013 00:48:57 | Computer Name = Julia | Source = Winlogon | ID = 4103

Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

 

Error - 25.04.2013 18:18:39 | Computer Name = Julia | Source = MsiInstaller | ID = 11321

Description = 

 

Error - 25.04.2013 18:18:49 | Computer Name = Julia | Source = MsiInstaller | ID = 1024

Description = 

 

Error - 25.04.2013 18:18:49 | Computer Name = Julia | Source = MsiInstaller | ID = 1024

Description = 

 

Error - 26.04.2013 07:02:06 | Computer Name = Julia | Source = Winlogon | ID = 4103

Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

 

Error - 26.04.2013 18:48:28 | Computer Name = Julia | Source = EventSystem | ID = 4621

Description = 

 

Error - 27.04.2013 01:05:35 | Computer Name = Julia | Source = Winlogon | ID = 4103

Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

 

Error - 28.04.2013 06:48:14 | Computer Name = Julia | Source = Winlogon | ID = 4103

Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

 

Error - 28.04.2013 13:29:13 | Computer Name = Julia | Source = Winlogon | ID = 4103

Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

 

[ OSession Events ]

Error - 18.11.2007 10:50:07 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 389

 seconds with 360 seconds of active time.  This session ended with a crash.

 

Error - 11.12.2007 07:21:33 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217

 seconds with 180 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 29.04.2013 10:00:55 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:03:58 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:07:42 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:17:10 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:27:22 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:33:19 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:35:47 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 10:56:59 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 11:29:03 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

Error - 29.04.2013 11:39:26 | Computer Name = Julia | Source = ipnathlp | ID = 31004

Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet

 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 

Fehler ist im Speicher-Manager aufgetreten.

 

 

< End of report >

Code:

OTL logfile created on: 29.04.2013 17:47:43 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

Dieses gmer funzt net stürzt immer ab also wenns am laufen ist kommt auf einmal fenster mit "das programm funktioniert nicht mehr online nach lösung suchen oder sofort schließen"

Ok, dann lass Gmer mal bleiben.
Aber das eine Log von OTL (das OTL.txt) hast du unvollständig gepostet. Kannst du das bitte nochmals ganz nachreichen?

Code:

OTL logfile created on: 29.04.2013 17:47:43 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free

5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS

Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JULIA | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.20\LightShot.exe

PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll

MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll

MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll

MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)

SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)

DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)

DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)

DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)

DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)

DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)

DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)

DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)

DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)

DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)

DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)

DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)

DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)

DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] (   ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=VZ2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356

FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="

FF - prefs.js..network.proxy.type: 4

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.28 16:24:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005 [2012.12.10 23:59:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

 

[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions

[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com

[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2012.11.27 01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml

[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml

[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml

[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml

[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif

[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml

[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

[2012.12.10 23:59:35 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER\APPDATA\ROAMING\17001.005

[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O4 - HKCU..\Run: [Ybgiyw] C:\Users\user\AppData\Roaming\Luawha\anze.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN)

O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell - "" = AutoRun

O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell - "" = AutoRun

O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell\AutoRun\command - "" = H:\autorun.exe -auto

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable

[2013.04.29 17:21:27 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.04.29 17:21:27 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.04.29 17:21:27 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.04.29 17:21:27 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.04.29 16:38:24 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2013.04.29 14:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job

[2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2013.04.28 19:29:36 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013.04.28 19:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.28 19:28:44 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 15:00:01 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job

[2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2013.04.08 18:37:29 | 000,000,541 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable

[2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.01.20 15:42:28 | 000,000,541 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res

[2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps

[2012.10.25 18:53:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad

[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg

[2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg

[2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png

[2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg

[2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg

[2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd

[2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif

[2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd

[2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif

[2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd

[2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif

[2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps

[2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps

[2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg

[2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc

[2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini

[2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll

[2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll

[2011.06.30 13:19:37 | 000,018,120 | ---- | C] (   ) -- C:\Windows\System32\drivers\ArtecGT.sys

[2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini

[2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI

[2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini

[2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini

[2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR

[2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.12.10 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\17001.005

[2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze

[2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery

[2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing

[2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft

[2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0

[2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ

[2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock

[2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha

[2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX

[2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad

[2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio

[2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia

[2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd

[2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite

[2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft

[2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS

[2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007

[2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird

[2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs

[2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft

[2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk

[2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue

[2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy

[2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm

[2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine

[2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074
 

< End of report >

das war alles was in der datei drin steht

Ja, so passt es.

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von OTL

Code:

OTL logfile created on: 29.04.2013 17:47:43 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free

5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS

Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JULIA | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.20\LightShot.exe

PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll

MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll

MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll

MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)

SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)

DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)

DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)

DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)

DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)

DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)

DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)

DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)

DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)

DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)

DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)

DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)

DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)

DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] (   ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=VZ2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356

FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="

FF - prefs.js..network.proxy.type: 4

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.28 16:24:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005 [2012.12.10 23:59:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

 

[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions

[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com

[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2012.11.27 01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml

[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml

[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml

[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml

[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif

[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml

[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

[2012.12.10 23:59:35 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER\APPDATA\ROAMING\17001.005

[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O4 - HKCU..\Run: [Ybgiyw] C:\Users\user\AppData\Roaming\Luawha\anze.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN)

O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell - "" = AutoRun

O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell - "" = AutoRun

O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell\AutoRun\command - "" = H:\autorun.exe -auto

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable

[2013.04.29 17:21:27 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.04.29 17:21:27 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.04.29 17:21:27 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.04.29 17:21:27 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.04.29 16:38:24 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2013.04.29 14:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job

[2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2013.04.28 19:29:36 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013.04.28 19:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.28 19:28:44 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 15:00:01 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job

[2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2013.04.08 18:37:29 | 000,000,541 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable

[2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.01.20 15:42:28 | 000,000,541 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res

[2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps

[2012.10.25 18:53:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad

[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg

[2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg

[2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png

[2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg

[2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg

[2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd

[2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif

[2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd

[2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif

[2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd

[2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif

[2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps

[2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps

[2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg

[2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc

[2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini

[2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll

[2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll

[2011.06.30 13:19:37 | 000,018,120 | ---- | C] (   ) -- C:\Windows\System32\drivers\ArtecGT.sys

[2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini

[2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI

[2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini

[2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini

[2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR

[2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.12.10 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\17001.005

[2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze

[2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery

[2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing

[2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft

[2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0

[2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ

[2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock

[2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha

[2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX

[2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad

[2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio

[2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia

[2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd

[2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite

[2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft

[2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS

[2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007

[2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird

[2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs

[2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft

[2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk

[2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue

[2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy

[2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm

[2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine

[2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074
 

< End of report >

das war alles was in der datei drin steht

Das Log ist bereits angekommen.. :)
Die nächsten Schritte stehen in meinem vorherigen Post.

ja entschuldigung xD
krieg den net gelöscht und ist 2 mal gepostet worden wie man sieht^^

mache das so schnell wie möglich aber wenn ich jetzt anfange sitz ich bei der geschwindigkeit heute nacht um 5 noch hier also morgen leider erst..

Du brauchst nichts zu löschen, das ist schon ok.
Poste dann einfach alle 3 Logs zusammen, wenn du fertig bist.

Sooo... 1ter log:

Code:

# AdwCleaner v2.300 - Datei am 30/04/2013 um 10:19:34 erstellt

# Aktualisiert am 28/04/2013 von Xplode

# Betriebssystem : Windows 7 Ultimate  (32 bits)

# Benutzer : user - JULIA

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

Ordner Gelöscht : C:\Program Files\AskTBar

Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB

Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar

Ordner Gelöscht : C:\Program Files\ICQ6Toolbar

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.7600.16385
 

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
 

-\\ Mozilla Firefox v17.0.1 (de)
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

*************************
 

AdwCleaner[S1].txt - [6162 octets] - [30/04/2013 10:19:34]
 

########## EOF - C:\AdwCleaner[S1].txt - [6222 octets] ##########

nun der combofix bei dem das was am ende von der anleitung steht kam:

Code:

ComboFix 13-04-29.01 - user 30.04.2013  10:33:01.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1918.1178 [GMT 2:00]

ausgeführt von:: c:\users\user\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: Norton Internet Security Online *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security Online *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Norton Internet Security Online *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\xp-AntiSpy

c:\program files\xp-AntiSpy\sponsoring\ebay.ico

c:\program files\xp-AntiSpy\sponsoring\ebay_desktop.ico

c:\program files\xp-AntiSpy\sponsoring\ebay_hover.ico

c:\program files\xp-AntiSpy\sponsoring\sponsor.html

c:\program files\xp-AntiSpy\sponsoring\sponsor.url

c:\programdata\netdislw.pad

c:\users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

c:\users\user\AppData\Roaming\17001.005

c:\users\user\AppData\Roaming\17001.005\chrome.manifest

c:\users\user\AppData\Roaming\17001.005\components\AcroFF.txt

c:\users\user\AppData\Roaming\17001.005\install.rdf

c:\users\user\AppData\Roaming\5itwbywq.default.tmp

c:\users\user\AppData\Roaming\AcroIEHelpe.txt

c:\users\user\AppData\Roaming\srvblck5.tmp

c:\windows\IsUn0407.exe

c:\windows\system32\CddbCdda.dll

c:\windows\system32\Dump

c:\windows\system32\Dump\MiniDump.dmp

c:\windows\system32\tmp90AA.tmp

c:\windows\system32\tmp933B.tmp

c:\windows\system32\tmp9981.tmp

c:\windows\UA000096.DLL

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-30  ))))))))))))))))))))))))))))))

.

.

2013-04-30 08:42 . 2013-04-30 08:45        --------        d-----w-        c:\users\user\AppData\Local\temp

2013-04-28 17:40 . 2013-04-28 17:40        --------        d-----w-        c:\program files\ESET

2013-04-27 09:20 . 2013-04-28 17:32        --------        d-----w-        c:\users\user\AppData\Roaming\Luawha

2013-04-27 09:20 . 2013-04-28 17:26        --------        d-----w-        c:\users\user\AppData\Roaming\Vieqy

2013-04-27 09:20 . 2013-04-27 09:20        --------        d-----w-        c:\users\user\AppData\Roaming\Ackyze

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-21 10:58 . 2012-07-14 22:21        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-21 10:58 . 2012-07-14 22:21        691592        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2009-04-15 20:24 . 2012-12-06 15:12        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-04-15 20:24 . 2012-12-06 15:12        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

2012-12-06 15:12 . 2012-12-06 15:11        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"LightShot"="c:\users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-15 226152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 5 (0x5)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

R2 SampleScanner;USB-Flachbettscanner;c:\windows\system32\DRIVERS\ArtecGT.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [x]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 MSSQL$SASMB_VRA;SQL Server (SASMB_VRA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]

S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - EraserUtilRebootDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2013-04-30 c:\windows\Tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job

- c:\program files\Skillbrains\Updater\Updater.exe [2013-01-20 22:26]

.

2013-04-30 c:\windows\Tasks\update-sys.job

- c:\program files\Skillbrains\Updater\Updater.exe [2013-01-20 22:26]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de

uInternet Settings,ProxyOverride = <local>

IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Suche - d:\software\eBayTb.dll/RCSearch.html

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}\46C696E6B6: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5itwbywq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de

FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=

FF - prefs.js: network.proxy.type - 4

FF - ExtSQL: !HIDDEN! 2010-02-26 22:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - ExtSQL: !HIDDEN! 2011-07-27 12:29; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2011-07-27 12:29; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2013-01-28 15:24; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff

 

 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)

HKCU-Run-Ybgiyw - c:\users\user\AppData\Roaming\Luawha\anze.exe

AddRemove-KnightsAndMerchants - c:\windows\unin0407.exe

AddRemove-S4Uninst - c:\windows\IsUn0407.exe

AddRemove-Sheep - c:\windows\IsUn0407.exe

AddRemove-Soul Reaver 2 - f:\5.spiele\Eidos Interactive\Eidos Interactive\Soul Reaver 2\uninstsr2.exe

AddRemove-WinSetupFromUSB - c:\users\user\Desktop\Programme\Windows Vista Home Premium 32bit\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

@Denied: (C D) (Everyone)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]

@Denied: (C D) (Everyone)

"{D27B16FA-0B28-4DD6-8AD7-2BD3FBECCCF7}"=""

"{A0898FE3-CABF-4EEA-8828-A096D8F616BE}"=""

"{4986B97E-2288-45BD-ACAF-C44F27CDA8B2}"=""

"{015C2244-B8D7-4867-85BD-3D89FF358EC6}"=""

"{59C5456B-7541-43E6-8108-C7A11F6C3F06}"=""

"{9945B4BB-CEAD-4B93-92CC-5FF4BA2340AC}"=""

"{2870824E-8163-4F77-B013-408A18333734}"=""

"{77365E99-2306-44F3-9770-78BF4E4EAC32}"=""

"{4C4845E6-5B89-4988-828D-3F62AE52D0B2}"=""

"{7441D956-F53F-40C4-9CC0-FF175A1BC728}"=""

"{59D49A23-1EB3-4F21-BB10-5A98081A1440}"=""

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Autorun]

@DACL=(02 0000)

"Autorun"=dword:00000000

"Blank"=dword:00000000

"Number of tests"=dword:00000000

"Repeat"=dword:00000000

"Repeat Delay"=dword:00000000

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Capture]

@DACL=(02 0000)

"Capture File Dialog"=dword:00000001

"Clipboard"=dword:00000001

"File"=dword:00000001

"Filename"="%M %V %D %T"

"Folder"="c:\\Users\\user\\Documents"

"Format"="png"

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\CD Quality]

@DACL=(02 0000)

"Background Color"=dword:00000000

"Background Color 2"=dword:00404040

"Background Gradient"=dword:00000001

"BG Error Limits"=dword:00000000

"C1 Color"=dword:00ffff00

"C2 Color"=dword:0000ffff

"Color Scheme"=dword:00000001

"Detect Speed"=dword:00000001

"Graph Limit 1"=dword:ffffffff

"Graph Limit 2"=dword:ffffffff

"Graph Mask"=dword:000000ff

"Horizontal Grid"=dword:00000001

"Jitter Color"=dword:00ff00ff

"LiteOn Settings"=dword:000508ee

"Measure Points"=dword:00000014

"Nec Settings"=dword:000508ff

"Panasonic Settings"=dword:000508ee

"Philips Settings"=dword:000508ff

"Pioneer Settings"=dword:000508ff

"Primary Grid Color"=dword:00ff0000

"QuickScan"=dword:00000000

"Sample Length"=dword:00000005

"Secondary Grid Color"=dword:00800000

"Show C1"=dword:00000000

"Show Error Limits"=dword:00000001

"Show Label"=dword:00000001

"Show Speed"=dword:00000001

"Show Statistics"=dword:00000001

"Speed CD"=dword:0000ffff

"Speed Color"=dword:0000d000

"Speed DVD"=dword:00000008

"Speed Limit"=dword:00000032

"Speed Limit DVD"=dword:00000010

"Vertical Grid"=dword:00000001

"Write Speed Color"=dword:00d000d0

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Disc Info]

@DACL=(02 0000)

"Basic"=dword:00000001

"Extended"=dword:00000001

"Raw Data"=dword:00000001

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\General]

@DACL=(02 0000)

"Read Speed"=dword:00000000

"Selected Read Speed"=dword:00000001

"Selected Tests"=dword:0000007f

"Selected Write Speed"=dword:00000001

"Spinup Time"=dword:0000000a

"Write Speed"=dword:00000000

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Save]

@DACL=(02 0000)

"Autosave"=dword:00000000

"File Dialog"=dword:00000001

"Filename"="%M %V"

"Folder"="c:\\Users\\user\\Documents"

"Save Type"=dword:00000000

"Status"=dword:00000001

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\ScanDisc]

@DACL=(02 0000)

"Speed CD"=dword:0000ffff

"Speed DVD"=dword:00000008

"Test"=dword:00000080

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Seek Times]

@DACL=(02 0000)

"Seek Count"=dword:00000064

"Seek Type"=dword:00000001

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Transfer Rate]

@DACL=(02 0000)

"Accuracy"=dword:00000001

"Background Color"=dword:00000000

"Background Color 2"=dword:00404040

"Background Gradient"=dword:00000001

"Buffer Color"=dword:00c080c0

"Buffer Underrun Protection"=dword:00000001

"Color Scheme"=dword:00000001

"CPU Color"=dword:0080c0c0

"Direct overwrite"=dword:00000000

"Display Type"=dword:00000000

"Horizontal Grid"=dword:00000001

"Include Test Results"=dword:00000001

"Maximum Speed CD"=dword:00000032

"Maximum Speed DVD"=dword:00000010

"Overburn"=dword:00000000

"Overburn Capacity"=dword:0006dd39

"Overburn Capacity DVD"=dword:0023f000

"Overburn DVD"=dword:00000000

"Primary Grid Color"=dword:00ff0000

"Read Resolution"=dword:00000001

"RPM Color"=dword:0000ffff

"Secondary Grid Color"=dword:00800000

"Show Buffer Graph"=dword:00000001

"Show CPU Graph"=dword:00000001

"Show Minimum/Maximum"=dword:00000000

"Show RPM"=dword:00000001

"Speed Color"=dword:0000ff00

"Streaming"=dword:00000000

"Vertical Grid"=dword:00000001

"Write Data"=dword:00000001

"Write Mode"=dword:00000000

"Write Resolution"=dword:00000001

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\innoPlus\Common_Settings]

@Class="Software\innoPlus\Common_Settings\OpenGL\WindowRenderer"

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\10.0\Word\Text Converters\Export]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\10.0\Word\Text Converters\Import]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\All Ports]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\PoINT\PoINT Audio Video SDK]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

@Denied: (C D) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]

@Denied: (C D) (Everyone)

"ccSvcHst_UserSession_2388"="{1F0CE0AE-F764-4959-8968-044F7C54E00E}"

"ccSvcHst_UserSession_3620"="{A7805EB9-CDA7-4E99-8E74-8416CDD2EC06}"

"ccSvcHst_UserSession_2284"="{68EC761F-BE96-4364-BCE3-C6EB316E1065}"

"uiPerf_Service_Channel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"IPS_COMMAND_CHANNEL"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccGenericEvent_Global_EM"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccGenericEvent_Global_LM"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"SNDServiceRequestChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"SNDLocationChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccGenericLog_Manager"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccSettingsService"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"_AvProdSvcComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"g_coVistaProxyChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"FWAlert"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"_isDataPrComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"SymRedirSvcRequestChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"NortonNetServiceIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"NetMapServiceIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"BashIPCChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"_StatisticsCommand_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"_TrustSvcComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"

"ccSvcHst_Norton Internet Security"="{60E4C320-471F-4803-A37D-A7892580168C}"

.

[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]

@Denied: (C D) (Everyone)

"{1F0CE0AE-F764-4959-8968-044F7C54E00E}"=""

"{C1D52D3A-CFD9-4558-94D1-08CC4FCEFE9D}"=""

"{AC4C64CB-4C60-4DC2-A0AC-86A54FC8F2B7}"=""

"{E8E1F558-D03E-494E-A01E-7B40E94813CB}"=""

"{DA801703-010D-419E-A4D8-25F200FC1F37}"=""

"{913FE402-D908-48FF-BC1B-B1B7AE1AEEF3}"=""

"{89751F78-A1FB-41F4-9A60-8D07A95B7754}"=""

"{1F779EEE-C2C3-4E6D-8B11-B4F32FA767CB}"=""

"{657B2298-C586-4694-B7AA-7D50D986AA91}"=""

"{42433969-2009-448C-9CF6-607EF0651FC9}"=""

"{F4F5A7DD-3F2D-41CA-8745-1F87E15C25D6}"=""

"{A8ED0241-5B55-417F-8C3D-CDBE05418765}"=""

"{D426B47A-6122-49C7-BB55-4796946289C7}"=""

"{66686767-AA07-4D05-892D-F29BEC9A559D}"=""

"{C9044D0E-181D-4763-8940-2B5CC9E582BF}"=""

"{DA4CE3DE-76BC-489B-8731-E575BC9F474B}"=""

"{F9B2209C-5AF2-4F1A-A290-15CF544E18DD}"=""

"{D0E6C109-659A-47AD-92F6-23485E7D9817}"=""

"{53EE0666-1698-4F9A-B781-8BAC81FA4D4F}"=""

"{3A48C9AB-50B4-4A13-B310-9BC72D87B97C}"=""

"{C416953C-71FD-4D56-906D-021F7FB6D406}"=""

"{D90E9A83-A96E-4310-AC19-0075E8CA571D}"=""

"{14D136CE-C257-40E4-B9A9-3BAB4D104FE6}"=""

"{351DAD19-EF81-4A0B-8790-F06F9DFB9755}"=""

"{8BA14526-7E53-44EA-ADE8-D524FD534F6D}"=""

"{4AF73539-A973-42DB-B857-BB122979EC12}"=""

"{A10B2ABE-8DCE-4FDD-BB94-ED6F9776E9C6}"=""

"{55019419-419E-4E21-8391-6A7FE519E62D}"=""

"{2D55631B-0E7A-421C-9CDE-5CAC341FD39B}"=""

"{A7805EB9-CDA7-4E99-8E74-8416CDD2EC06}"=""

"{80F14507-A838-452A-9331-5989102B2D0F}"=""

"{266F7C67-6D75-4938-9DE4-4EDFE710F989}"=""

"{96B6CA39-2335-4700-928A-4AE253F7A755}"=""

"{68EC761F-BE96-4364-BCE3-C6EB316E1065}"=""

"{90F8D445-EC13-4932-877A-1828D380058B}"=""

"{623885FB-17BB-45B1-8D04-EF1B06924FCE}"=""

"{9A494DB0-06B4-4A4D-853A-6592F2A4A882}"=""

"{94CFF360-587A-4800-B13C-E01A031FE46E}"=""

"{2E03027B-AAD2-4B44-AA5E-E7849ACFDE2C}"=""

"{636DD75E-F7B5-485F-8D79-2B0A747A5B67}"=""

"{CF9DFE65-802E-4AAC-918F-19A2F60C6AEC}"=""

"{D613C334-6237-4356-88D2-9C8924183E72}"=""

"{F682569A-9703-4F48-A247-1DEA5687CF86}"=""

"{B80F2012-6D67-46BB-A5B1-8C6F916B8314}"=""

"{72886B6D-30BA-48FF-886D-1B244ACD3312}"=""

"{47FE2291-3ACF-403C-ACDE-A8778EE285D8}"=""

"{04283894-4D3C-4D77-BD61-86AC969985D1}"=""

"{4091B751-0719-4EC9-B6D9-DE3DEAAB1476}"=""

"{D19A0171-A3EC-40CB-AF33-DF79BA390810}"=""

"{FEB707D2-BE49-4520-A6FD-5592B8D933CB}"=""

"{50F9A4E0-BA20-4AFD-B407-C4C1AE157FF8}"=""

"{3A4362F8-7B1B-4DE8-8290-5A3BE3838164}"=""

"{968E9C52-CEF7-4A65-92FD-25D14722E612}"=""

"{CC941D1C-8FAB-408A-A5A9-23EFF313CECA}"=""

"{1CABB327-C8F2-45FB-87E9-F3AA6A8CBFAE}"=""

"{E2C50488-C40F-4F9B-B465-A6114850259D}"=""

"{A24113C9-77F7-4AE6-B55B-02B515980F57}"=""

"{62BC2EB3-84A5-4D99-8088-415621C85561}"=""

"{D474DAF1-E6C7-4771-9AB9-8EF168187FB9}"=""

"{094C6733-5C85-4BC6-8CC1-347D475CE480}"=""

"{ADFEC3BA-0DF2-446E-86BE-FF43130AD9D9}"=""

"{7C4CC7D4-FEFA-4060-8147-E22AA79CCEB3}"=""

"{6A11904D-A5B5-4EDE-BAF9-F623993C2150}"=""

"{8543E7FE-7579-46A3-9BCC-0336D96B085B}"=""

"{967F7C41-EEC4-4771-AC77-6FBB11DF122B}"=""

"{7368869A-49F0-4616-B659-C508EEC3CDB5}"=""

"{8BD2EF18-CEAE-48BE-A770-EFA8F0AC0ED7}"=""

"{BD573747-E09A-4A89-AB6B-404F15D5964E}"=""

"{D034691F-4AFA-4A74-AA72-CB1CFFA9B73D}"=""

"{953608D6-6F7B-409B-AE3B-2DFF7A4DB4F7}"=""

"{47271C16-E6A5-4A93-B686-54BAE876D48A}"=""

"{0EA24DD0-E264-462C-B198-781150AB7B56}"=""

"{D08220DB-C0CB-445E-AA9F-05B51C5F0B16}"=""

"{E53F5CAB-8757-41D2-81DD-FA5DE80C3DF7}"=""

"{FDB9EF16-F64F-4011-B258-3C44870B1E6D}"=""

"{02E4FC07-E251-4718-BB40-606E91E5BF4E}"=""

"{5C53F184-AEF3-419C-AD09-0DEE4BEA4C21}"=""

"{D5549D98-8D24-4517-91E3-C7C0B3C84256}"=""

"{B6F7C4EC-9E8A-4132-AA61-4607C7E13529}"=""

"{F88CDBAA-8126-48C3-95EF-F8372C6F893A}"=""

"{DE712079-89BB-4734-8264-65E684B5F4A0}"=""

"{A46B43BB-FC5C-4B27-AB8D-1A1AD69E0C0C}"=""

"{4C5A6E96-05AD-4D22-BBC9-935349E69217}"=""

"{85803C08-2069-401C-8621-C9B937BCF686}"=""

"{06CB8CD0-3FBB-4F95-B72F-A6F7B5D58928}"=""

"{28328550-FC5C-4C88-BDA3-F090A951ED6B}"=""

"{BFC6B1CD-0CF6-40E7-A7A7-5F9FD307F916}"=""

"{EB4285B9-77DB-41C7-982D-2F848F6B648F}"=""

"{6D6EB262-DC20-47CE-9018-E8090104F957}"=""

"{BFABE6C6-A4B5-4F08-BF98-9FD9B7693F50}"=""

"{F966D7CB-ED8A-4BDB-ABBB-989D0C49AD0C}"=""

"{0285EBC1-1DEB-4672-8243-6FAA58D3FAEC}"=""

"{A293FF71-F1A1-4F9F-9D85-B570F4C3576F}"=""

"{F18A8D38-2718-4F81-B2A1-F67191C321B7}"=""

"{E93B5192-E903-48BA-8A8F-43454E0D6C17}"=""

"{16854716-F142-4651-9494-C83F636592FF}"=""

"{AB4BA74E-8052-4083-8061-A4938ACAF44B}"=""

"{6420BA8F-0FE1-4FF0-A0C2-EAFB654472B8}"=""

"{79EAD956-3D14-4A2D-A204-6A842BAD39D0}"=""

"{439FD9C8-1E85-4487-8698-A8EE9A5DA07C}"=""

"{396DDC6A-DFF8-4AC5-AB8D-82474E4C0C07}"=""

"{85E79F97-7E4A-42F2-898E-8F3892429989}"=""

"{BD06EB33-82EF-49D0-A82C-06E4A840398D}"=""

"{49BCF200-AF32-405F-ACEC-64F8675755FB}"=""

"{8A5D458C-18C5-4094-A7FB-E234FDE1756A}"=""

"{68CC6DFE-D323-44F5-A2F6-726E9BEA002A}"=""

"{45AFEBC6-A86A-49B4-A3E0-52AD9744E563}"=""

"{C88E4C7A-B416-4814-82A8-E5A40E9619D4}"=""

"{6DDCFB1D-F110-473F-B224-0EEC92706686}"=""

"{6D55887B-9A30-4516-8D55-14B6C6909512}"=""

"{4FAE1BF6-74DF-40C3-AEB0-019490F94DC6}"=""

"{CAD3A86F-4D70-458D-9948-5533B809FA4C}"=""

"{880BA745-344D-4A6C-A5E8-E5CE44565D78}"=""

"{D533C765-F49C-4BD9-8EAF-B90EF58D1F38}"=""

"{CFBBEE2E-7C37-4E90-AE0F-0C5342D4D749}"=""

"{E54B9E43-8922-44E4-9487-B20500B418B8}"=""

"{28D4ADC1-6E37-4506-9C99-BFFF56C4F7F0}"=""

"{4EB54D43-6678-4117-9E8B-C872FB2475AA}"=""

"{CE73825C-375B-417A-91BC-DA1E0323910E}"=""

"{A25A5AC7-FAC7-4416-8FD7-7D2828CFCFCB}"=""

"{D2E63AF8-C675-43F7-B2D3-232D6262CD75}"=""

"{6828C31B-C8E7-48A4-9192-79C5F553280E}"=""

"{7FE5D98C-43FE-46FB-98D7-CC624753A6B8}"=""

"{5A31BD9C-8CDD-4733-90B7-0E7777524105}"=""

"{60E4C320-471F-4803-A37D-A7892580168C}"=""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000004

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1844)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\System32\ieframe.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PSIService.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\RtHDVCpl.exe

c:\users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-04-30  10:52:12 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-04-30 08:52

.

Vor Suchlauf: 18 Verzeichnis(se), 17.552.003.072 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 17.479.282.688 Bytes frei

.

- - End Of File - - DDC5C624C1344165E874331379F9BF56

und nun der otl file:

Code:

OTL logfile created on: 30.04.2013 10:59:23 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 63,45% Memory free

5,62 Gb Paging File | 4,75 Gb Available in Paging File | 84,60% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110,01 Gb Total Space | 16,36 Gb Free Space | 14,87% Space Free | Partition Type: NTFS

Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JULIA | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe

PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll

MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll

MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll

MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)

SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)

DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)

DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)

DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)

DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)

DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)

DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)

DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)

DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)

DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)

DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)

DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)

DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)

DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] (   ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes,DefaultScope = {03_TL-GOOGLE-DE-E1416B8B2E3A}

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356

FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="

FF - prefs.js..network.proxy.type: 4

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

 

[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions

[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com

[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2012.11.27 01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml

[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml

[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml

[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml

[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif

[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml

[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\17001.005

[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

 

O1 HOSTS File: ([2013.04.30 10:42:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.

O3 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.30 10:52:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.04.30 10:45:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.04.30 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp

[2013.04.30 10:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.04.30 10:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.04.30 10:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.04.30 10:28:55 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013.04.30 10:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.30 10:28:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.04.30 10:27:22 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha

[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.30 11:04:05 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.04.30 11:04:05 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.04.30 11:04:05 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.04.30 11:04:05 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.04.30 10:56:59 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013.04.30 10:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.30 10:56:05 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.30 10:42:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.04.30 10:32:05 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job

[2013.04.30 10:28:22 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013.04.30 10:18:44 | 000,628,743 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe

[2013.04.30 09:12:08 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2013.04.29 18:25:08 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe

[2013.04.29 18:17:02 | 000,000,498 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable

[2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[3 C:\*.tmp files -> C:\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.30 10:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.04.30 10:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.04.30 10:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.04.30 10:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.04.30 10:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.04.30 10:18:41 | 000,628,743 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe

[2013.04.29 18:25:06 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe

[2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable

[2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.01.20 15:42:28 | 000,000,498 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res

[2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps

[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg

[2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg

[2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png

[2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg

[2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg

[2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd

[2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif

[2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd

[2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif

[2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd

[2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif

[2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps

[2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps

[2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg

[2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc

[2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini

[2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll

[2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll

[2011.06.30 13:19:37 | 000,018,120 | ---- | C] (   ) -- C:\Windows\System32\drivers\ArtecGT.sys

[2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini

[2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI

[2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini

[2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini

[2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR

[2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BitTorrent

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite

[2010.04.13 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DNA

[2010.02.26 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo

[2010.02.26 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Nokia

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Smith Micro

[2010.02.26 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird

[2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze

[2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery

[2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing

[2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft

[2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0

[2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ

[2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock

[2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha

[2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX

[2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad

[2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio

[2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia

[2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd

[2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite

[2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft

[2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS

[2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007

[2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird

[2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs

[2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft

[2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk

[2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue

[2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy

[2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm

[2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine

[2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074
 

< End of report >

Hallo,

hier die nächsten Schritte:

Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.

Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:

Avira Free Antivirus

Norton Internet Security

Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

[2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr

[2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy

[2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm

[2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk

[2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs

[2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy

[2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd

[2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha

[2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock

[2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze

[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml

[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml

[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml

[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif

[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml

[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005

FF - prefs.js..browser.search.order.1: "Ask"

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356

[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
 

:commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 5

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck
Log von OTL

Also erst einmal hört sich das echt beunruhigend an mit der passwort ausspionier software :-O

und 2. habe ich norton eig. schon längst vom system entfernt und wird auch nicht in programm liste aufgeführt. kann es sein das sich das trotzdem noch im hintergrund hält und wenn ja wie krieg ich das dann weg?

lg

Zitat:

und 2. habe ich norton eig. schon längst vom system entfernt und wird auch nicht in programm liste aufgeführt.

Ich sehe in deiner Programmliste noch den Eintrag Norton 360 aufgelistet. Diesen müsstest du deinstallieren.
Oder findest du ihn nicht?

Ne, finde ich nicht. wird weder in der programmliste aufgeführt noch beim CCleaner.

und zu den letzten schritten: eset läuft mal wieder und ist schon 1,5 stunden am laufen aber beim letzten mal musste ich es über nacht laufen lassen^^

Ja, ESET kann ein Weilchen dauern, das ist normal.
Den Rest schauen wir dann an, wenn alle Logs da sind.

So 1. OTL:

Code:

All processes killed

========== OTL ==========

C:\Users\user\AppData\Roaming\Ymutr folder moved successfully.

C:\Users\user\AppData\Roaming\Vieqy folder moved successfully.

C:\Users\user\AppData\Roaming\xmldm folder moved successfully.

C:\Users\user\AppData\Roaming\Uchauk folder moved successfully.

C:\Users\user\AppData\Roaming\UAs folder moved successfully.

C:\Users\user\AppData\Roaming\OpenCandy\D3E9CD6224984D68B00877F731A350BE folder moved successfully.

C:\Users\user\AppData\Roaming\OpenCandy folder moved successfully.

C:\Users\user\AppData\Roaming\Noyd folder moved successfully.

C:\Users\user\AppData\Roaming\Luawha folder moved successfully.

C:\Users\user\AppData\Roaming\kock folder moved successfully.

C:\Users\user\AppData\Roaming\Ackyze folder moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml moved successfully.

C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml moved successfully.

Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33044118-6597-4D2F-ABEA-7974BB185379}\ not found.

File C:\Users\user\AppData\Roaming\17001.005 not found.

Prefs.js: "Ask" removed from browser.search.order.1

C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\META-INF folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} folder moved successfully.

Prefs.js: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356 removed from extensions.enabledItems

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

Registry key HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03_TL-GOOGLE-DE-E1416B8B2E3A}\ not found.

Prefs.js: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" removed from sweetim.toolbar.previous.browser.search.defaulturl

Prefs.js: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812" removed from browser.startup.homepage

Prefs.js: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" removed from sweetim.toolbar.previous.keyword.URL

Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 removed from extensions.enabledItems

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gast

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

->Java cache emptied: 120995071 bytes

->FireFox cache emptied: 66442349 bytes

->Flash cache emptied: 367334 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: TEMP

->Temp folder emptied: 0 bytes

 

User: user

->Temp folder emptied: 1103 bytes

->Temporary Internet Files folder emptied: 27795723 bytes

->Java cache emptied: 101126 bytes

->FireFox cache emptied: 75510990 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 9828168 bytes

 

%systemdrive% .tmp files removed: 230282739 bytes

%systemroot% .tmp files removed: 867465 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 508,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 04302013_150551
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

dann 2.

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.30.04
 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

user :: JULIA [Administrator]
 

Schutz: Aktiviert
 

30.04.2013 15:19:57

mbam-log-2013-04-30 (15-19-57).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 242248

Laufzeit: 10 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

und 3. Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=03bb8ff539302d4c878a7fa653fddf14

# engine=13733

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-05-01 04:11:08

# local_time=2013-05-01 06:11:08 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1799 16775165 100 99 18201 232847958 10962 0

# compatibility_mode=3588 16777213 100 96 55662002 116499003 0 0

# compatibility_mode=5893 16776574 100 85 119863411 119863411 0 0

# scanned=220394

# found=2

# cleaned=0

# scan_time=9324

sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\qijsslxkrbtjtau\main.html"

sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\qijsslxkrbtjtau\main.html"

so 4.

Code:

 Results of screen317's Security Check version 0.99.62  

 Windows 7  x86   

 Out of date service pack!! 

 Internet Explorer 8 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Norton Internet Security Online   

Avira Desktop                     

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 CCleaner (remove only)   

 Java(TM) 6 Update 33  

 Java(TM) 6 Update 3  

 Java(TM) 6 Update 4  

 Java(TM) 6 Update 5  

 Java(TM) 6 Update 7  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player         11.7.700.169  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox (for.) 
 ````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

und 5. nochma otl^^

Code:

OTL logfile created on: 01.05.2013 18:20:42 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 41,96% Memory free

5,62 Gb Paging File | 4,32 Gb Available in Paging File | 76,90% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110,01 Gb Total Space | 16,04 Gb Free Space | 14,58% Space Free | Partition Type: NTFS

Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS

 

Computer Name: JULIA | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe

PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll

MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll

MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll

MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll

MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)

DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)

DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)

DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)

DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)

DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)

DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)

DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)

DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)

DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)

DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)

DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)

DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)

DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)

DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] (   ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

 

[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2013.05.01 14:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions

[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com

[2013.05.01 14:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\staged

[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2013.05.01 14:25:47 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.05.01 14:25:59 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2013.05.01 14:25:56 | 000,350,097 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml

[2013.04.30 15:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

 

O1 HOSTS File: ([2013.04.30 10:42:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.

O3 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.05.01 15:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.04.30 18:36:24 | 002,347,384 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe

[2013.04.30 15:17:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2013.04.30 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.04.30 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.04.30 15:15:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.04.30 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.04.30 15:15:03 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe

[2013.04.30 15:05:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.04.30 10:52:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.04.30 10:45:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.04.30 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp

[2013.04.30 10:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.04.30 10:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.04.30 10:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.04.30 10:28:55 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013.04.30 10:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.30 10:28:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.04.30 10:27:22 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.05.01 18:15:54 | 000,890,815 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe

[2013.05.01 17:12:45 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2013.05.01 14:32:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job

[2013.05.01 11:41:51 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.05.01 11:41:51 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.05.01 11:41:51 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.05.01 11:41:51 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.05.01 11:34:49 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013.05.01 11:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.01 11:33:37 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.30 20:24:03 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2013.04.30 18:37:02 | 002,347,384 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe

[2013.04.30 15:15:45 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.30 15:15:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe

[2013.04.30 10:42:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.04.30 10:28:22 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe

[2013.04.30 10:18:44 | 000,628,743 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe

[2013.04.29 18:25:08 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe

[2013.04.29 18:17:02 | 000,000,498 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable

[2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2013.05.01 18:15:40 | 000,890,815 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe

[2013.04.30 15:15:45 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.30 10:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.04.30 10:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.04.30 10:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.04.30 10:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.04.30 10:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.04.30 10:18:41 | 000,628,743 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe

[2013.04.29 18:25:06 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe

[2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable

[2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg

[2013.01.20 15:42:28 | 000,000,498 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml

[2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res

[2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps

[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg

[2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg

[2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png

[2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg

[2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg

[2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd

[2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif

[2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd

[2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif

[2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd

[2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif

[2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps

[2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps

[2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg

[2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc

[2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

[2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini

[2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll

[2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll

[2011.06.30 13:19:37 | 000,018,120 | ---- | C] (   ) -- C:\Windows\System32\drivers\ArtecGT.sys

[2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini

[2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI

[2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini

[2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini

[2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR

[2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BitTorrent

[2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite

[2010.04.13 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DNA

[2010.02.26 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo

[2010.02.26 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Nokia

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite

[2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Smith Micro

[2010.02.26 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird

[2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery

[2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite

[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing

[2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft

[2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0

[2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ

[2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX

[2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad

[2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio

[2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite

[2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft

[2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS

[2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony

[2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007

[2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird

[2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft

[2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue

[2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074
 

< End of report >

Also ich weiß ja nicht was jetzt alles gemacht wurde aber CPU ist "nur" noch zwischen 50 - 80% *tumbs up*

Hi,

du hast sehr viele veraltete Software installiert (unter anderem mehrere Javas..). Das ist gefährlich - die müssen alle weg. Und es fehlt ein Service Pack..

Schritt 1

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster

Code:

msiexec.exe /x {63A6E9A9-A190-46D4-9430-2DB28654AFD8}

und drücke OK. Bestätige die Deinstallation.

Schritt 2

Gehe bitte zu Start --> Alle Programme --> Windows Update.
Klicke dann links auf Nach Updates suchen und warte, bis die Suche beendet ist.
Drücke dann auf Updates installieren.
Starte nach Beendigung der Installation den Rechner neu auf.
Wiederhole diese Schritte, bis keine neuen Updates mehr verfügbar sind.

Schritt 3

Downloade und installiere den Internet Explorer 10.
Der Internet Explorer sollte auch dann aktuell gehalten werden, wenn er nicht zum Surfen verwendet wird.

Schritt 4

Dein Flashplayer im Internet Explorer ist veraltet. Installiere folgendermassen die aktuelle Version:

Besuche mit dem Internet Explorer diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Schritt 5

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Schritt 6

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Schritt 7

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:files

C:\ProgramData\qijsslxkrbtjtau

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 8

Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von SecurityCheck

Also schritt 1 will net funzen...

Also erst geht alles gut aber wenn er dann die deinstallation anfangen will kommt ein Fenster dem steht: " This MSI must be launched through setup"

Ok, dann überspring diesen Schritt und mach weiter.

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

hey entschuldige das ich nicht geschrieben habe
war die letzten tage kaum vorm PC aber ein paar schritte hab ich schon erledigt.

Ok, danke für die Mitteilung.

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.