Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Trojaner (https://www.trojaner-board.de/136415-gvu-trojaner.html)

Teronius 11.06.2013 19:40
GVU Trojaner
 
Hallo, mein Freund hat auch ein Problem mit diesem.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03
Ran by Marco (administrator) on 11-06-2013 20:11:17
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\cmd.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [KiesPreload] D:\Kies\Kies.exe /preload [x]
HKCU\...\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Marco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-04] (Spotify Ltd)
HKCU\...\Run: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-15] ()
HKCU\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [Spotify] "C:\Users\Marco\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [4573184 2013-05-04] (Spotify Ltd)
HKCU\...\Run: [Google Update] "C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-17] (Google Inc.)
HKCU\...\Run: [PlayNC Launcher] [x]
HKCU\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized [43304 2013-06-11] (NCSOFT)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marco\AppData\Roaming\skype.dat [138240 2011-11-17] () <==== ATTENTION
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe [x]
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48&sspv=CHSB9
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.19.11_0
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S2 4game-service; C:\Program Files (x86)\4game\4game-service.exe [1133056 2013-05-23] (Innova Co S.a r.l.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
 
==================== Drivers (Whitelisted) ====================
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 14:54 - 2013-06-11 19:29 - 00000004 ____A C:\Users\Marco\AppData\Roaming\skype.ini
2013-06-11 14:50 - 2013-06-11 14:50 - 00138240 ____A C:\Users\Marco\Downloads\video_720p (1).exe
2013-06-11 14:49 - 2013-06-11 14:49 - 00138240 ____A C:\Users\Marco\Downloads\video_720p.exe
2013-06-11 02:59 - 2012-10-24 10:16 - 04702568 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2013-06-11 02:59 - 2005-01-02 23:43 - 00004682 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2013-06-11 02:59 - 2003-07-19 08:17 - 00005174 ____A C:\Windows\SysWOW64\nppt9x.vxd
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 00:39 - 2013-06-11 02:27 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:36 - 2013-06-11 00:37 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-11 00:10 - 2013-06-11 00:10 - 00000000 ____D C:\Users\Marco\AppData\Local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
2013-06-10 22:14 - 2013-06-10 23:43 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe
2013-06-03 22:55 - 2013-06-03 22:55 - 01376768 ____A C:\Users\Marco\Downloads\7z920-x64 (2).msi
2013-06-03 22:51 - 2013-06-03 22:51 - 75895944 ____A C:\Users\Marco\Downloads\obli.xvid.part13.rar
2013-06-03 22:51 - 2013-06-03 22:51 - 00000000 ____D C:\Users\Marco\AppData\Roaming\WinRAR
2013-06-03 22:50 - 2013-06-03 22:51 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part12.rar
2013-06-03 22:50 - 2013-06-03 22:51 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part11.rar
2013-06-03 22:50 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part10.rar
2013-06-03 22:49 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part09.rar
2013-06-03 22:49 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part08.rar
2013-06-03 22:49 - 2013-06-03 22:49 - 104857615 ____A C:\Users\Marco\Downloads\obli.xvid.part07.rar
2013-06-03 22:48 - 2013-06-03 22:49 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part06.rar
2013-06-03 22:48 - 2013-06-03 22:49 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part05.rar
2013-06-03 22:48 - 2013-06-03 22:48 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part04.rar
2013-06-03 22:47 - 2013-06-03 22:48 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part03.rar
2013-06-03 22:47 - 2013-06-03 22:47 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part02.rar
2013-06-03 22:47 - 2013-06-03 22:47 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part01.rar
2013-06-03 22:43 - 2013-06-03 22:43 - 00003160 ____A C:\Users\Marco\Downloads\relink.us__obli.xvid_2a5e7637e57f95f803dedb089627a7.dlc
2013-06-03 22:36 - 2013-06-03 22:36 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marco\Downloads\jDownloaderWebInstaller09581.exe
2013-06-03 22:36 - 2013-06-03 22:36 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marco\Downloads\jDownloaderWebInstaller09581 (1).exe
2013-05-23 23:44 - 2013-05-24 01:42 - 00000000 ____D C:\Users\Marco\AppData\Roaming\TS3Client
2013-05-23 23:43 - 2013-05-23 23:43 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-05-23 23:41 - 2013-05-23 23:42 - 32698840 ____A (TeamSpeak Systems GmbH) C:\Users\Marco\Downloads\TeamSpeak3-Client-win32-3.0.10.1.exe
2013-05-16 03:17 - 2013-05-16 03:17 - 00000000 ____D C:\Users\Marco\Documents\PDF Architect Files
2013-05-16 03:17 - 2013-05-16 03:17 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-16 03:16 - 2013-05-16 03:16 - 00000000 ____D C:\Users\Marco\AppData\Roaming\pdfforge
2013-05-16 03:16 - 2013-04-09 15:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-05-16 03:16 - 2013-01-09 15:52 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-05-16 03:16 - 2012-05-05 11:54 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-05-16 03:16 - 2012-05-05 11:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-05-16 03:16 - 2012-05-05 11:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-05-16 03:16 - 1998-07-06 18:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-05-16 03:16 - 1998-07-06 18:55 - 00158208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-05-16 03:16 - 1998-07-06 18:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-05-16 03:13 - 2013-05-16 03:13 - 17502040 ____A (pdfforge GbR) C:\Users\Marco\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-16 03:01 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 03:01 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 03:01 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:01 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 03:01 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:01 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 03:01 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 15:56 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 15:56 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 15:56 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 15:55 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 15:55 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 15:55 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 15:55 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 15:55 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 15:55 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 15:55 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
 
==================== One Month Modified Files and Folders =======
 
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 19:52 - 2011-04-12 09:43 - 03506656 ____A C:\Windows\System32\perfh007.dat
2013-06-11 19:52 - 2011-04-12 09:43 - 01041720 ____A C:\Windows\System32\perfc007.dat
2013-06-11 19:52 - 2009-07-14 07:13 - 00005194 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 19:37 - 2012-02-17 02:00 - 01621112 ____A C:\Windows\WindowsUpdate.log
2013-06-11 19:32 - 2012-01-10 21:14 - 00075448 ____A C:\Windows\setupact.log
2013-06-11 19:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 19:29 - 2013-06-11 14:54 - 00000004 ____A C:\Users\Marco\AppData\Roaming\skype.ini
2013-06-11 19:29 - 2013-01-15 22:31 - 00000000 ____D C:\Users\Marco\AppData\Local\PMB Files
2013-06-11 19:28 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-11 19:28 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-11 19:23 - 2013-02-18 16:10 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Dropbox
2013-06-11 19:23 - 2012-09-20 12:10 - 00000000 ____D C:\Users\Marco\AppData\Local\Spotify
2013-06-11 19:23 - 2012-09-20 12:09 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Spotify
2013-06-11 19:23 - 2012-02-17 02:35 - 00000000 ____D C:\ProgramData\MFAData
2013-06-11 18:58 - 2012-02-17 02:37 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
2013-06-11 14:50 - 2013-06-11 14:50 - 00138240 ____A C:\Users\Marco\Downloads\video_720p (1).exe
2013-06-11 14:49 - 2013-06-11 14:49 - 00138240 ____A C:\Users\Marco\Downloads\video_720p.exe
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 02:27 - 2013-06-11 00:39 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 02:27 - 2013-01-15 22:31 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:39 - 2012-02-17 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-11 00:37 - 2013-06-11 00:36 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-11 00:10 - 2013-06-11 00:10 - 00000000 ____D C:\Users\Marco\AppData\Local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
2013-06-11 00:09 - 2012-03-09 19:26 - 00000000 ____D C:\Users\Marco\Tracing
2013-06-10 23:59 - 2012-02-17 02:42 - 00000000 ____D C:\Users\Marco\AppData\Local\Windows Live
2013-06-10 23:43 - 2013-06-10 22:14 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe
2013-06-09 22:07 - 2012-02-17 02:37 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
2013-06-06 12:10 - 2012-02-17 02:38 - 00002363 ____A C:\Users\Marco\Desktop\Google Chrome.lnk
2013-06-05 21:22 - 2013-03-01 18:04 - 00000000 ____D C:\Users\Marco\Desktop\Woq2 Bilder
2013-06-03 22:55 - 2013-06-03 22:55 - 01376768 ____A C:\Users\Marco\Downloads\7z920-x64 (2).msi
2013-06-03 22:51 - 2013-06-03 22:51 - 75895944 ____A C:\Users\Marco\Downloads\obli.xvid.part13.rar
2013-06-03 22:51 - 2013-06-03 22:51 - 00000000 ____D C:\Users\Marco\AppData\Roaming\WinRAR
2013-06-03 22:51 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part12.rar
2013-06-03 22:51 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part11.rar
2013-06-03 22:50 - 2013-06-03 22:50 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part10.rar
2013-06-03 22:50 - 2013-06-03 22:49 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part09.rar
2013-06-03 22:50 - 2013-06-03 22:49 - 104857603 ____A C:\Users\Marco\Downloads\obli.xvid.part08.rar
2013-06-03 22:49 - 2013-06-03 22:49 - 104857615 ____A C:\Users\Marco\Downloads\obli.xvid.part07.rar
2013-06-03 22:49 - 2013-06-03 22:48 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part06.rar
2013-06-03 22:49 - 2013-06-03 22:48 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part05.rar
2013-06-03 22:48 - 2013-06-03 22:48 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part04.rar
2013-06-03 22:48 - 2013-06-03 22:47 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part03.rar
2013-06-03 22:47 - 2013-06-03 22:47 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part02.rar
2013-06-03 22:47 - 2013-06-03 22:47 - 104857624 ____A C:\Users\Marco\Downloads\obli.xvid.part01.rar
2013-06-03 22:43 - 2013-06-03 22:43 - 00003160 ____A C:\Users\Marco\Downloads\relink.us__obli.xvid_2a5e7637e57f95f803dedb089627a7.dlc
2013-06-03 22:36 - 2013-06-03 22:36 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marco\Downloads\jDownloaderWebInstaller09581.exe
2013-06-03 22:36 - 2013-06-03 22:36 - 00077236 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\Marco\Downloads\jDownloaderWebInstaller09581 (1).exe
2013-06-01 22:12 - 2013-02-18 16:12 - 00001016 ____A C:\Users\Marco\Desktop\Dropbox.lnk
2013-05-24 01:42 - 2013-05-23 23:44 - 00000000 ____D C:\Users\Marco\AppData\Roaming\TS3Client
2013-05-23 23:43 - 2013-05-23 23:43 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-05-23 23:43 - 2012-04-26 20:53 - 00001162 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-05-23 23:42 - 2013-05-23 23:41 - 32698840 ____A (TeamSpeak Systems GmbH) C:\Users\Marco\Downloads\TeamSpeak3-Client-win32-3.0.10.1.exe
2013-05-17 15:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 06:19 - 2012-08-03 19:54 - 00000000 ____D C:\Users\Marco\Documents\Bewerbung
2013-05-16 06:13 - 2009-07-14 06:45 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 06:12 - 2010-11-21 05:47 - 00031932 ____A C:\Windows\PFRO.log
2013-05-16 03:17 - 2013-05-16 03:17 - 00000000 ____D C:\Users\Marco\Documents\PDF Architect Files
2013-05-16 03:17 - 2013-05-16 03:17 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-16 03:16 - 2013-05-16 03:16 - 00000000 ____D C:\Users\Marco\AppData\Roaming\pdfforge
2013-05-16 03:13 - 2013-05-16 03:13 - 17502040 ____A (pdfforge GbR) C:\Users\Marco\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-16 03:11 - 2012-01-10 20:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 15:48 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
 
Files to move or delete:
====================
C:\Users\Marco\AppData\Roaming\skype.dat
C:\Users\Marco\AppData\Roaming\skype.ini
C:\ProgramData\dsgsdgdsgdsgw.pad
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-03 02:00
 
==================== End Of Log ============================
--- --- ---




kann wer helfen?
Hab mir das von eben schon durchgelesen, aber was soll ich hier in die Fixdatei speichern?

M-K-D-B 11.06.2013 19:42
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B 11.06.2013 19:49
Servus,



Schritt 1 sollte den Rechner entsperren.
Schritt 2 und 3 im normalen Modus ausführen.





Schritt 1
Drücke auf dem sauberen Rechner bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster und drücke Enter.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
start
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marco\AppData\Roaming\skype.dat [138240 2011-11-17] () <==== ATTENTION
C:\Users\Marco\AppData\Roaming\skype.dat
URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.19.11_0
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
2013-06-11 14:54 - 2013-06-11 19:29 - 00000004 ____A C:\Users\Marco\AppData\Roaming\skype.ini
C:\ProgramData\dsgsdgdsgdsgw.pad
end
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen infizierten Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.





Schritt 2
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner.

Teronius 11.06.2013 20:09
Bin dabei und auch schon bei Punkt 2... dauert nur alles seeehr lange ;)
Ich poste die Logs sobald ich fertig bin

Zitat:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2013 03
Ran by Marco at 2013-06-11 20:53:13 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Marco\AppData\Roaming\skype.dat => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Value deleted successfully.
HKCR\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Value deleted successfully.
HKCR\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Value deleted successfully.
HKCR\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} => Value deleted successfully.
HKCR\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} => Key not found.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm => Moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm => File/Directory not found.
C:\Users\Marco\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.

==== End of Fixlog ====
Combofix Logfile:

Code:
ComboFix 13-06-08.02 - Marco 11.06.2013  21:09:25.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3828.2350 [GMT 2:00]
ausgeführt von:: c:\users\Marco\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marco\AppData\Local\assembly\tmp
c:\users\Marco\AppData\Roaming\AcroIEHelpe.txt
c:\users\Marco\AppData\Roaming\BAcroIEHelpe244.dll
c:\users\Marco\AppData\Roaming\srvblck5.tmp
c:\windows\SysWow64\muzapp.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 19:17 . 2013-06-11 19:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-11 18:58 . 2013-06-11 18:58        --------        d-----w-        C:\found.001
2013-06-11 18:11 . 2013-06-11 18:11        --------        d-----w-        C:\FRST
2013-06-11 00:59 . 2012-10-24 08:16        4702568        ----a-w-        c:\windows\SysWow64\GameMon.des
2013-06-11 00:59 . 2005-01-02 21:43        4682        ----a-w-        c:\windows\SysWow64\npptNT2.sys
2013-06-11 00:59 . 2003-07-19 06:17        5174        ----a-w-        c:\windows\SysWow64\nppt9x.vxd
2013-06-11 00:58 . 2013-06-11 00:58        --------        d-----w-        c:\program files\Common Files\INCA Shared
2013-06-10 22:39 . 2013-06-11 19:16        --------        d-----w-        c:\users\Marco\AppData\Local\assembly
2013-06-10 22:39 . 2013-06-11 00:27        --------        d-----w-        c:\program files (x86)\NCSoft
2013-06-10 20:14 . 2013-06-10 21:43        --------        d-----w-        c:\program files (x86)\4game
2013-05-23 21:44 . 2013-05-23 23:42        --------        d-----w-        c:\users\Marco\AppData\Roaming\TS3Client
2013-05-23 21:43 . 2013-05-23 21:43        --------        d-----w-        c:\program files (x86)\TeamSpeak 3 Client
2013-05-16 01:17 . 2013-05-16 01:17        --------        d-----w-        c:\program files (x86)\PDF Architect
2013-05-16 01:16 . 2013-05-16 01:16        --------        d-----w-        c:\users\Marco\AppData\Roaming\pdfforge
2013-05-16 01:16 . 2013-04-09 13:13        110264        ----a-w-        c:\windows\system32\pdfcmon.dll
2013-05-16 01:16 . 2013-01-09 13:52        1070152        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2013-05-16 01:16 . 2012-05-05 09:54        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2013-05-16 01:16 . 2012-05-05 09:54        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2013-05-16 01:16 . 2012-05-05 09:54        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2013-05-16 01:16 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2013-05-16 01:16 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2013-05-16 01:16 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2013-05-15 13:56 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:56 . 2013-04-10 06:01        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:56 . 2011-02-03 11:25        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 13:55 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-05-15 13:55 . 2013-02-27 06:02        111448        ----a-w-        c:\windows\system32\consent.exe
2013-05-15 13:55 . 2013-02-27 05:52        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-05-15 13:55 . 2013-02-27 05:48        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-05-15 13:55 . 2013-02-27 05:47        70144        ----a-w-        c:\windows\system32\appinfo.dll
2013-05-15 13:55 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-05-15 13:55 . 2013-03-19 05:53        230400        ----a-w-        c:\windows\system32\wwansvc.dll
2013-05-15 13:55 . 2013-04-10 03:30        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-05-15 13:55 . 2013-03-19 05:53        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 04:15 . 2011-03-28 17:36        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 01:11 . 2012-01-10 18:35        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-10 15:07 . 2013-05-10 15:07        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-10 15:07 . 2013-05-10 15:07        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-10 15:07 . 2013-05-10 15:07        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-10 15:07 . 2013-05-10 15:07        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-10 15:07 . 2013-05-10 15:07        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-10 15:07 . 2013-05-10 15:07        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-10 15:07 . 2013-05-10 15:07        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-10 15:07 . 2013-05-10 15:07        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-10 15:07 . 2013-05-10 15:07        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-10 15:07 . 2013-05-10 15:07        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-10 15:07 . 2013-05-10 15:07        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-10 15:07 . 2013-05-10 15:07        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-10 15:07 . 2013-05-10 15:07        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-10 15:07 . 2013-05-10 15:07        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-10 15:07 . 2013-05-10 15:07        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-10 15:07 . 2013-05-10 15:07        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-10 15:07 . 2013-05-10 15:07        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-10 15:07 . 2013-05-10 15:07        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-10 15:07 . 2013-05-10 15:07        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-10 15:07 . 2013-05-10 15:07        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-10 15:07 . 2013-05-10 15:07        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-10 15:07 . 2013-05-10 15:07        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-10 15:07 . 2013-05-10 15:07        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-10 15:07 . 2013-05-10 15:07        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-10 15:07 . 2013-05-10 15:07        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-10 15:07 . 2013-05-10 15:07        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-10 15:07 . 2013-05-10 15:07        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-10 15:07 . 2013-05-10 15:07        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-10 15:07 . 2013-05-10 15:07        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-10 15:07 . 2013-05-10 15:07        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-10 15:07 . 2013-05-10 15:07        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-10 15:07 . 2013-05-10 15:07        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-10 15:07 . 2013-05-10 15:07        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-10 15:07 . 2013-05-10 15:07        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-10 15:07 . 2013-05-10 15:07        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-10 15:07 . 2013-05-10 15:07        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-10 15:07 . 2013-05-10 15:07        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-10 15:07 . 2013-05-10 15:07        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-10 15:07 . 2013-05-10 15:07        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-10 15:07 . 2013-05-10 15:07        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-10 15:07 . 2013-05-10 15:07        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-10 15:07 . 2013-05-10 15:07        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-10 15:07 . 2013-05-10 15:07        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-10 15:07 . 2013-05-10 15:07        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-10 15:07 . 2013-05-10 15:07        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-10 15:07 . 2013-05-10 15:07        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-10 15:07 . 2013-05-10 15:07        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-10 15:07 . 2013-05-10 15:07        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-10 15:07 . 2013-05-10 15:07        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-04-13 05:49 . 2013-05-15 13:56        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:56        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:56        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:56        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:56        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:56        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:38        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 08:44        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:43        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:43        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:43        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:43        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:43        112640        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="d:\kies\Kies.exe" [2012-11-12 968120]
"KiesAirMessage"="d:\kies\KiesAirMessage.exe" [2012-11-01 577536]
"KiesPDLR"="d:\kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-12 1104824]
"Spotify Web Helper"="c:\users\Marco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-04 1105408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-15 3093624]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-10-14 226784]
"Spotify"="c:\users\Marco\AppData\Roaming\Spotify\spotify.exe" [2013-05-04 4573184]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-06-10 43304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-11-12 309688]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
.
R2 4game-service;4game-service;c:\program files (x86)\4game\4game-service.exe;c:\program files (x86)\4game\4game-service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 00:37]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 00:37]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Marco\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-17 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-17 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-17 414744]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-10-14 226784]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: 4game.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files (x86)\PDFCreator\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1894934171-1551603685-868937202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1894934171-1551603685-868937202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-11  21:25:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-11 19:25
.
Vor Suchlauf: 13 Verzeichnis(se), 11.239.763.968 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 11.081.064.448 Bytes frei
.
- - End Of File - - 3398BD482FA5D1DCEA04DDCC189BABF5
D41D8CD98F00B204E9800998ECF8427E
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 11/06/2013 um 21:30:48 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Marco - MARCITO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marco\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Marco\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Marco\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Marco\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marco\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2319] : homepage = "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48&sspv=CHSB9",

*************************

AdwCleaner[S1].txt - [5146 octets] - [11/06/2013 21:30:48]

########## EOF - C:\AdwCleaner[S1].txt - [5206 octets] ##########
--- --- ---

M-K-D-B 13.06.2013 16:35
Servus,


tut mir Leid wegen der Verspätung, hab derzeit sehr viel um die Ohren.




Wie läuft dein Rechner momentan?
Gibt es moch Probleme, die auf Malware hindeuten? Wenn ja, welche?





  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List
  • Klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Teronius 14.06.2013 07:08
Hallo :)

läuft alles super soweit. Hier sind die beiden TXTs:

Code:
OTL logfile created on: 14.06.2013 07:51:40 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,23% Memory free
7,48 Gb Paging File | 5,80 Gb Available in Paging File | 77,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 10,21 Gb Free Space | 10,45% Space Free | Partition Type: NTFS
Drive D: | 356,01 Gb Total Space | 215,45 Gb Free Space | 60,52% Space Free | Partition Type: NTFS
 
Computer Name: MARCITO | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Marco\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Marco\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (4game-service) -- C:\Program Files (x86)\4game\4game-service.exe (Innova Co S.a r.l.)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 69 6D BA 0B ED CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.17 02:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.16 03:17:07 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.06.11 21:20:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CNAP2 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP2LAK.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE File not found
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSOFT)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 4game.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D7A493D-A685-4F47-B6CC-31249886D4F2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53CA3E99-806F-4A13-8C18-5E7C03514239}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.13 01:51:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.13 01:51:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.13 01:51:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 01:51:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 01:51:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 01:51:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 01:51:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 01:51:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 01:51:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 01:51:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 01:51:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 01:51:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 01:51:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 01:51:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 01:51:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 13:58:50 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 13:58:49 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 13:58:49 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 13:58:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 13:58:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 13:58:36 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 13:58:36 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 13:58:36 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 13:58:36 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 13:58:36 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 13:58:36 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 13:58:31 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 13:58:31 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 21:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.11 21:20:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.11 21:07:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 21:07:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 21:07:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 21:06:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 21:06:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 20:58:47 | 000,000,000 | ---D | C] -- C:\found.001
[2013.06.11 20:11:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.11 02:59:45 | 004,702,568 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013.06.11 02:59:23 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2013.06.11 02:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2013.06.11 00:44:20 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2013.06.11 00:39:59 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\assembly
[2013.06.11 00:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2013.06.11 00:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2013.06.11 00:10:36 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
[2013.06.10 22:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4game
[2013.06.10 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4game
[2013.06.03 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\WinRAR
[2013.05.23 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\TS3Client
[2013.05.23 23:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2013.05.16 03:17:15 | 000,000,000 | ---D | C] -- C:\Users\Marco\Documents\PDF Architect Files
[2013.05.16 03:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.05.16 03:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.05.16 03:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.05.16 03:16:25 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.05.16 03:16:25 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013.05.16 03:16:25 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013.05.16 03:16:25 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.05.16 03:16:22 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2013.05.16 03:16:22 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2013.05.16 03:16:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2013.05.16 03:16:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013.05.15 15:56:03 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 15:56:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 15:55:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 15:55:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 15:55:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 15:55:51 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 15:55:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.14 07:37:19 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 07:37:19 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 07:34:17 | 003,610,200 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.14 07:34:17 | 001,506,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.14 07:34:17 | 001,074,872 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.14 07:34:17 | 000,958,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.14 07:34:17 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.14 07:29:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 07:29:19 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 17:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
[2013.06.11 21:20:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.11 02:27:55 | 000,002,094 | ---- | M] () -- C:\Users\Marco\Desktop\Lineage II.lnk
[2013.06.11 00:39:40 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2013.06.09 22:07:07 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
[2013.06.06 12:10:29 | 000,002,363 | ---- | M] () -- C:\Users\Marco\Desktop\Google Chrome.lnk
[2013.06.01 22:12:54 | 000,001,048 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.01 22:12:42 | 000,001,016 | ---- | M] () -- C:\Users\Marco\Desktop\Dropbox.lnk
[2013.05.29 20:16:40 | 001,317,706 | ---- | M] () -- C:\Users\Public\Documents\Stundenzettel.pdf
[2013.05.28 13:35:24 | 000,470,058 | ---- | M] () -- C:\Users\Marco\Desktop\Mickey-Mouse-hd-wallpapers.jpg
[2013.05.28 13:14:21 | 001,910,847 | ---- | M] () -- C:\Users\Marco\Desktop\23724_3d_3d_transparent_pokeball (1).jpg
[2013.05.23 23:43:21 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.05.17 03:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.17 03:25:26 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.17 02:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.17 02:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.17 02:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.17 02:58:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.17 02:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.17 02:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.17 02:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 06:13:27 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 21:07:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 21:07:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 21:07:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 21:07:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 21:07:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 02:59:22 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013.06.11 02:27:55 | 000,002,094 | ---- | C] () -- C:\Users\Marco\Desktop\Lineage II.lnk
[2013.06.11 00:39:40 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2013.06.03 22:39:41 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.06.03 22:39:41 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.06.03 22:39:41 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.05.29 20:16:53 | 001,317,706 | ---- | C] () -- C:\Users\Public\Documents\Stundenzettel.pdf
[2013.05.28 13:35:24 | 000,470,058 | ---- | C] () -- C:\Users\Marco\Desktop\Mickey-Mouse-hd-wallpapers.jpg
[2013.05.28 13:14:21 | 001,910,847 | ---- | C] () -- C:\Users\Marco\Desktop\23724_3d_3d_transparent_pokeball (1).jpg
[2013.02.15 13:36:36 | 000,086,857 | ---- | C] () -- C:\Users\Marco\425745_549096938453821_492524886_n.jpg
[2013.01.30 02:11:37 | 000,034,890 | ---- | C] () -- C:\Users\Marco\66407_501073603264182_714443056_n.jpg
[2012.12.11 12:45:19 | 000,000,016 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\blckdom.res
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.15 20:55:00 | 000,000,110 | ---- | C] () -- C:\Windows\clientshell.INI
[2012.02.17 17:06:39 | 001,639,104 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\UserTile.png
[2012.02.17 04:03:49 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.02.17 03:39:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.17 02:42:18 | 000,001,571 | ---- | C] () -- C:\Users\Marco\DivX Movies.lnk
[2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.29 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Audacity
[2013.04.11 16:26:45 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AVG
[2012.09.28 18:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AVG2013
[2012.03.23 20:42:05 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DAEMON Tools Lite
[2013.06.14 07:47:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Dropbox
[2012.12.21 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoft
[2012.12.11 12:45:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\kock
[2012.08.02 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org
[2012.11.30 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Samsung
[2013.06.13 01:48:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Spotify
[2012.11.26 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TeamViewer
[2013.04.24 22:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TERA
[2013.05.24 01:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TS3Client
[2012.08.28 16:21:07 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TuneUp Software
[2012.12.11 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\UAs
[2012.02.23 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\uTorrent
[2012.04.03 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Windows Live Writer
[2012.03.10 10:45:14 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Windows SideBar
[2012.12.11 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心

< End of report >
Code:
OTL Extras logfile created on: 14.06.2013 07:51:40 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 63,23% Memory free
7,48 Gb Paging File | 5,80 Gb Available in Paging File | 77,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 10,21 Gb Free Space | 10,45% Space Free | Partition Type: NTFS
Drive D: | 356,01 Gb Total Space | 215,45 Gb Free Space | 60,52% Space Free | Partition Type: NTFS
 
Computer Name: MARCITO | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E70A13-69D0-496C-BDFB-D3212DA76E66}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D443283-8ECE-403E-B58F-9EB302A71ACB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{144876C4-F7F6-4F27-A663-14CB39EB097F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DD3195D-28DC-400D-BAFF-D3D47FCD168B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2636A2EB-010A-4440-9892-E1E129DA964D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{310414DE-81B4-4CB5-9FD0-173F214E3956}" = lport=445 | protocol=6 | dir=in | app=system |
"{34B9E7F4-A175-4952-B545-102EAEE139F3}" = lport=56748 | protocol=17 | dir=in | name=pando media booster |
"{3BDC49A1-041E-44B7-8B4D-CE51029206C4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{43A43B03-3181-4C49-B027-C228528CDF2B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AADFB40-E3A3-4C42-8DED-C88457C7DE11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{519554AD-D67A-4970-908F-451893234617}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B072B4C-9B5F-44CA-9C5F-A9F9A3D86018}" = lport=56748 | protocol=17 | dir=in | name=pando media booster |
"{5E951BF2-BE76-452D-BF42-B46748A6AFD1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79214FB2-E72B-45F1-9CDB-64924ECC1CDD}" = lport=139 | protocol=6 | dir=in | app=system |
"{818E061E-FC76-45AF-B266-8F7B0D6B4498}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DD086F8-7A59-43A1-9438-0D64015E88BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9736BE52-271E-403D-A646-BB1EF4939D16}" = lport=56748 | protocol=6 | dir=in | name=pando media booster |
"{A1A22668-C0E7-4CDF-966A-925E899513E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B41B6D46-CE30-40C3-B5B1-EEB2570F9479}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B422036E-BDBD-4135-9C13-0670657C9CF2}" = rport=138 | protocol=17 | dir=out | app=system |
"{BF7141C8-32A7-4ACA-93E8-F6D4377A4BA1}" = rport=445 | protocol=6 | dir=out | app=system |
"{C070EA34-A920-4714-B415-62FA548DF249}" = lport=56748 | protocol=6 | dir=in | name=pando media booster |
"{D116EDE2-FD8E-44FB-BD85-6878ADE4F8EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D3818E70-80B9-45D0-8D35-C936F8A36A2B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED6C2018-A8AF-4E6B-B39C-65F4377E3C9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F78CAD9B-C211-4D44-A514-DFC614389DD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7BF5259-5D59-49F2-A1E6-9457179FB94F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ACCDC1-FE98-4DCB-B5E0-FCD2218A87E0}" = protocol=6 | dir=out | app=system |
"{023C6BA2-60EF-49EA-BE26-FD43BED68FD5}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{0287B56D-1B1F-4A06-9D1E-99E71691F217}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{0FFAEAFA-752A-4C9C-BF8C-3DC5C9B03192}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{158E62FC-6D25-4A6C-A909-39C17726555B}" = protocol=17 | dir=in | app=d:\tera\tera\tera-launcher.exe |
"{279B6FD5-F83D-4440-BA88-9053E4555958}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{304A1E58-8D1B-4C0E-916C-7F0E95C7E115}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{37B032C0-B5E6-4EFC-8B43-E8E15932D812}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3E587FF7-74A8-4B7E-915E-6BA5853E8A20}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AC87044-46A3-4B5F-80BD-BF6B8CCA03CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5095756F-BBD9-4318-8138-5879C56B9B1F}" = protocol=6 | dir=in | app=d:\tera\tera\tera-launcher.exe |
"{545B531D-75A4-49D1-9BD6-3247ED49FF45}" = protocol=6 | dir=in | app=d:\vindictus eu\en-eu\nmservice.exe |
"{5563B817-BA90-493F-B029-52E4BC7EEC01}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5FFF8BD1-E035-475D-8A73-372863A66F46}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{629DC71D-D078-4B62-8D19-BAE10831B54D}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{6BFE0657-A6ED-4027-8D42-C04566A5C72D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{70765DCC-657A-4E71-94F7-C9BB2506BF2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7143DC2A-4287-4700-9F9A-03A1C620C0B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76F202DC-0654-47EE-AF6D-B14FBC3F20D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E8E52F0-8488-4FFB-BD42-C08C92DACF53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{82B8ADBA-D541-40C7-9B6E-9F0F85EE7D10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9426EEF6-D757-46B8-97BD-499B0F076A33}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{96272A1D-3F35-4693-A052-EFF646860382}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96912EEA-F0DC-4614-A9F4-8089C010E287}" = protocol=17 | dir=in | app=d:\vindictus eu\en-eu\nmservice.exe |
"{96F00020-D6EF-413B-9D60-2074E93731E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0979D12-3363-4B66-A10E-83BB9A2193A3}" = protocol=6 | dir=in | app=c:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe |
"{A485A523-0CCB-49F6-999C-24FF33C3A804}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A5E79ED0-AF60-4AAB-A55F-F6B35FE9999A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A84F8976-FD1F-495F-B241-B47D6C864689}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AAB634F7-3B4B-4B1D-91A0-2DD1C9EB43DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{ACA36180-61C8-40E5-91E8-B5AEC4F4223C}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{AD4DCEFD-87C9-4B2F-85B2-9EFA74F3C545}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{B0EC52FE-4046-4DAD-8203-F12E85992C0F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{B28D9830-D65E-4842-92BD-8FF2607D9C20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4FB3DA5-B507-48EC-8A01-0BA77941A2D7}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{B6901312-E899-409E-A37F-C13C49311250}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE6156D0-8A95-4FED-B9EF-62BCC8385CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFBF573E-CC6E-4882-82C4-2294AFFD5344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C83CF95B-C466-4694-9276-492BD9DA92E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9D325F1-CDCF-44E3-BC32-991E6AE110EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CBA55A18-B16D-4B87-B344-4D500307F019}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D15E51E5-4693-4FE1-9E58-71848157BFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D1EB0973-B6B6-43AF-BE3A-D5A4EA1E9A71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D3151FB4-64A9-40CB-8A3B-EB6F1BCFA94E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3D44AE1-7F26-4968-95EF-F7CF9B8736CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D3F22EF1-F2A0-45C3-B185-F512193D49D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DA064AAA-A65B-41E1-85A8-6644916452B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBAC01A5-3BAF-4DC1-89F1-F0CECBA15C9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E6FAAF33-C91D-419F-BE2C-82080094DD65}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{E77A1BED-B380-4479-AC47-84C489E141A1}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{EC055AF1-4B52-442D-9620-BB8C3CEE77D0}" = protocol=17 | dir=in | app=c:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe |
"{EC0C2E7C-4EF5-46E7-A1F0-097317DF82E0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F4F73956-54F7-41AD-80B9-54484092F644}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F509C1DA-F49E-4AE7-B807-3EFBD1A78306}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F8536DEB-E686-46E6-A069-10B5B40F5AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FEB91D53-2635-4240-88ED-A45DBB0C51D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{FF20C6D2-BAD6-45DD-952D-6D62440B63FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{121D86F2-0FA1-4B13-B778-DD9057891C8D}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{1782FA85-9281-4A72-B390-5E20390C4312}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{258C379D-F242-4E2C-B036-E83968BBB602}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2A0FB177-21C1-4DE8-9AC8-9C517C7497A8}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{3E0F439C-9FCA-45A9-8787-DD42ACD35E4C}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{64F03C6D-7C59-45C8-BEBD-D991FF9E041C}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{67BF345A-B5CF-4625-9CD5-B3BB9B71698F}C:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{77072AAC-7EF1-4B65-A439-CCDF9EF02F5F}C:\users\marco\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marco\appdata\roaming\spotify\spotify.exe |
"TCP Query User{899C7D6F-5DF1-419F-9AF1-11E8B92DBF28}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{8C749016-A61A-44AD-8EDB-9B3AB3729B49}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{C267D3C4-36FE-44C4-B455-C979AE54EFCB}D:\tera\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera\tera-launcher.exe |
"TCP Query User{DD2F84B1-3704-4CCA-B046-46400F2E4C45}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{E449282F-8283-4981-9455-4FD7F3A7667D}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{EEDDCDAF-394A-42B4-BB14-C995E4F7C6CD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F3954284-D822-453C-B376-AAC9E9F69907}C:\users\marco\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marco\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FE531592-7DF3-4702-9910-7754A01B83ED}D:\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"UDP Query User{00E87455-3FCB-4A71-ACAF-04A045D127D9}C:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marco\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{286F8BE9-4879-475D-B09A-944FB20C6C0C}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"UDP Query User{29A36281-F168-4282-9FBD-4EE7D7F7BBA8}D:\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe |
"UDP Query User{36817ABE-F979-48DB-8F6A-6547832A1752}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{40669E70-A3D5-4587-A68C-388439674358}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{4A2AE6BC-D1ED-4D81-BEB7-905CBCE88CC1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4A316CE3-789F-4366-BD35-EBCF6D3B3929}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{60ADB637-C432-43CB-94ED-5C454FF71087}D:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{64960459-E69A-417E-A2E7-8F67BAA8D105}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{9C5C6A62-245F-4192-9DA2-D018CF978950}C:\users\marco\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marco\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A2ED390F-1E43-4DA5-A320-B8F806DCB5BE}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{A56F9821-D881-49A7-BFC6-3B48007239F7}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{C2A9FAA3-01B3-442F-8EEF-CA4628BA4004}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{E2A94F40-6AB4-4DD9-9CE2-C98D04E15A0C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E8E920B8-A2A3-4A4D-A978-DCF1318A9618}D:\tera\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera\tera-launcher.exe |
"UDP Query User{F726CBE1-9F2F-4013-ABED-44FF12D8F88F}C:\users\marco\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marco\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D98B285-0777-B3B7-7A3D-9C85422203B9}" = ccc-utility64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{418A8D89-B9AA-B872-5927-3D1A052CEAA8}" = AMD Media Foundation Decoders
"{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8924F1FE-8AC5-C2AE-59EF-C5D65B226933}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFE888DA-79D5-C64A-8439-1B224D330F2F}" = ccc-utility64
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2013
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Canon LBP7010C/7018C" = Canon LBP7010C/7018C
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{06870F63-4D1C-171F-9552-368D3890D92F}" = CCC Help French
"{080FA973-1BE0-6E71-C03D-8F6081C3F64B}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101B3A2E-D391-52C7-2EEA-744F8B0CD0AC}" = CCC Help Dutch
"{14A34B7D-E675-8775-5975-987E9193CE8F}" = CCC Help Spanish
"{14CE04AF-0EBC-B865-382F-1FB466CAC301}" = CCC Help English
"{18F3394D-1A34-F631-E789-C0BD57DAC2BA}" = CCC Help Finnish
"{1998C8AE-87D7-E562-51D1-582F6D3CBE50}" = CCC Help Italian
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBC5882-96E2-3A01-A32C-9B6F6EF6CF25}" = CCC Help Korean
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F36B20F-7408-EC75-2825-E9FE81B0339D}" = CCC Help Norwegian
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2442DE08-0947-4A14-8061-219A99F2DFD5}_is1" = World of Qin 2 Version 2100
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2E3C5EA7-5034-4673-EC48-0B9F0D108F96}" = CCC Help Japanese
"{30B533D1-F0AB-2C56-648A-C204C033CB6C}" = ccc-core-static
"{30DAAF05-3679-C10C-953C-BB422FCDF557}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F2DA68-5394-490F-7426-B6BBEF9E9271}" = CCC Help Thai
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4273A992-97B0-22D1-1E72-2B634E161232}" = CCC Help Chinese Traditional
"{428536FB-25A0-8531-75EF-D7A7C340B0A4}" = Catalyst Control Center
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6B7C9-65AE-BE8B-687A-6F1A2D7F9705}" = CCC Help Czech
"{4C8E1E1B-175F-AF47-8B21-E12C7C8B5D40}" = CCC Help Thai
"{4E515022-7CE0-2FBF-B65A-0D22B983B3B8}" = CCC Help Korean
"{4EAF46A2-DB90-6B67-F640-5CC876A2B5C4}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{571AA09E-720E-5FC0-1A52-39D3959A128E}" = PX Profile Update
"{5D5B8455-50E0-F94A-4C82-0F9303BB4C0E}" = CCC Help Danish
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60E20402-AC6B-CA7D-7BB7-F022D74313C6}" = CCC Help Swedish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65788064-4757-CB23-92A7-9D5D447F32BC}" = CCC Help Hungarian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{70018574-BBF0-AFF0-E3A4-8B242404CAFD}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7765BB73-D985-42C9-C7EE-AB434D59429F}" = CCC Help Chinese Traditional
"{7ADFB885-8E98-6AAE-8687-D6EFB5127F6B}" = Catalyst Control Center Graphics Previews Common
"{7F7C616E-6971-77D9-7D59-82DC35DF81AC}" = CCC Help Russian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85A12E3C-16F1-6129-F2D6-80016A30ED0D}" = CCC Help Chinese Standard
"{892F1E79-65C7-EBFA-2D82-D45D53C106C3}" = CCC Help English
"{89463BCF-A199-8F20-2692-1158A84225BB}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99913581-07B0-6B84-9528-F65C248AA3D2}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA5B08F-9162-BCCB-AFAC-28DF1751BEC3}" = Catalyst Control Center Localization All
"{A11FBE34-2710-EC90-7149-7A78EDC498AB}" = CCC Help Czech
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF859F36-5F97-F6EC-A617-62771A8B4FDC}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB095F3E-0A7D-7DD4-B2A8-47CB12E416B0}" = CCC Help Japanese
"{BC71B06F-BFAE-6A73-091C-F18ACF00A04C}" = CCC Help Italian
"{BDCBA80C-A3BD-9DA5-E43F-EBBBE779C032}" = CCC Help Hungarian
"{BF15BE5B-A45E-6312-304F-39475AE9722F}" = CCC Help Turkish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter und die Heiligtümer des Todes™ - Teil 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEA6219-8792-3E40-D361-4FB5F0FBBB0F}" = CCC Help Portuguese
"{CF053286-7F4C-CAFB-616B-58EC562BB28E}" = CCC Help Chinese Standard
"{D07BB56A-7DB4-4564-A1F9-EBCE75FBE3C6}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1280DCC-F2CC-BBDF-2E1E-EF8D0A4CD3C3}" = Catalyst Control Center Localization All
"{D3689EED-3943-9E90-1D65-D2246EB58AD1}" = CCC Help Turkish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D535632D-624E-0B64-A107-6E3AD09893E3}" = Catalyst Control Center Graphics Previews Vista
"{D767A1E2-930B-93DC-B0D8-AC6456A19C82}" = CCC Help Norwegian
"{DAC3C995-8C29-8310-558B-9869CED00978}" = CCC Help Portuguese
"{DBA5EE42-A143-A658-9F86-C611BFDBEFCA}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E566097D-791C-C25F-8559-B440021AC7D7}" = CCC Help French
"{E58DB2CA-1F78-4EBC-B0BC-A38016A19855}" = жÔØÌì½¾II
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EAF0F475-CFE2-9F4D-F26A-875FF09AD40E}" = CCC Help Spanish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1F1CCD6-34FE-81C6-CE0C-F22695E6409F}" = CCC Help German
"{F2421108-2F1E-4CD6-AF8F-07AA3BDEE35A}" = Uninstall World of Qin 2
"{F71A71E1-285C-95CE-A8F7-231E3827138E}" = CCC Help Polish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDCDE331-EEB2-E1EE-8765-B195B2B0B25D}" = CCC Help German
"4game" = 4game
"4game_lineage2de" = LineageII DE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"NCLauncher_GameForge" = NC Launcher (GameForge)
"PS3 Media Server" = PS3 Media Server
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"NCsoft-Lineage2" = Lineage II
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.06.2013 18:13:55 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
Error - 10.06.2013 19:11:49 | Computer Name = Marcito | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TJ2Client.exe, Version: 2100.1212.1.0,
 Zeitstempel: 0x475f3f30  Name des fehlerhaften Moduls: TJ2Client.exe, Version: 2100.1212.1.0,
 Zeitstempel: 0x475f3f30  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e243f  ID des fehlerhaften
 Prozesses: 0x173c  Startzeit der fehlerhaften Anwendung: 0x01ce662994f3eb20  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Qin 2\TJ2Client.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\World of Qin 2\TJ2Client.exe  Berichtskennung:
 203d8e42-d223-11e2-9e0a-c80aa95f33d8
 
Error - 10.06.2013 19:11:53 | Computer Name = Marcito | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TJ2Client.exe, Version: 2100.1212.1.0,
 Zeitstempel: 0x475f3f30  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x08383d30  ID des fehlerhaften
 Prozesses: 0x173c  Startzeit der fehlerhaften Anwendung: 0x01ce662994f3eb20  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Qin 2\TJ2Client.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 22b01e0f-d223-11e2-9e0a-c80aa95f33d8
 
Error - 10.06.2013 19:11:54 | Computer Name = Marcito | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TJ2Client.exe, Version: 2100.1212.1.0,
 Zeitstempel: 0x475f3f30  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x11743d30  ID des fehlerhaften
 Prozesses: 0x310  Startzeit der fehlerhaften Anwendung: 0x01ce6629c3fb09e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\World of Qin 2\TJ2Client.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 23725f77-d223-11e2-9e0a-c80aa95f33d8
 
Error - 11.06.2013 01:06:29 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2013 08:44:09 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2013 08:57:53 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2013 10:40:38 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2013 10:58:06 | Computer Name = Marcito | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2013 13:01:56 | Computer Name = Marcito | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.06.2013 10:18:50 | Computer Name = Marcito | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 4game-service erreicht.
 
Error - 13.06.2013 10:18:50 | Computer Name = Marcito | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4game-service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%1053
 
Error - 13.06.2013 10:18:51 | Computer Name = Marcito | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 13.06.2013 10:19:07 | Computer Name = Marcito | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 13.06.2013 11:44:41 | Computer Name = Marcito | Source = DCOM | ID = 10010
Description =
 
Error - 13.06.2013 11:44:46 | Computer Name = Marcito | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 14.06.2013 01:30:05 | Computer Name = Marcito | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 4game-service erreicht.
 
Error - 14.06.2013 01:30:05 | Computer Name = Marcito | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4game-service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%1053
 
Error - 14.06.2013 01:30:05 | Computer Name = Marcito | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 14.06.2013 01:30:06 | Computer Name = Marcito | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
 
< End of report >

M-K-D-B 14.06.2013 17:35
Servus,



Ich seh in den neuen Logdateien von OTL auch, dass du am 11. Dezember letzten Jahres schon mal mit Malware infiziert warst... da sind noch Reste der Malware drauf. :blabla:

Wir entfernen die letzten Reste und kontrollieren nochmal alles:





Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2012.12.11 12:45:19 | 000,000,016 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\blckdom.res
[2012.12.11 12:45:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\kock
[2012.12.11 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\UAs
[2012.12.11 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\xmldm

:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

M-K-D-B 18.06.2013 18:58
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Teronius 06.07.2013 12:38
Sorry hatte die E-Mail, dass du geantwortet hattest überlesen.

Anbei die Logs

Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
C:\Users\Marco\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Marco\AppData\Roaming\kock folder moved successfully.
C:\Users\Marco\AppData\Roaming\UAs folder moved successfully.
C:\Users\Marco\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marco
->Temp folder emptied: 66654565 bytes
->Temporary Internet Files folder emptied: 401183358 bytes
->Java cache emptied: 33156 bytes
->FireFox cache emptied: 18486591 bytes
->Google Chrome cache emptied: 32793978 bytes
->Apple Safari cache emptied: 17681408 bytes
->Flash cache emptied: 60325 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 20 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349997761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304945 bytes
RecycleBin emptied: 2355 bytes
 
Total Files Cleaned = 886,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07062013_112204

Files\Folders moved on Reboot...
C:\Users\Marco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marco\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\zptr\logs\service\4game-service.log moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Marco :: MARCITO [Administrator]

Schutz: Aktiviert

06.07.2013 11:34:12
mbam-log-2013-07-06 (11-34-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213920
Laufzeit: 5 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 2120 -> Löschen bei Neustart.
C:\Users\Marco\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 4160 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Daten: "C:\Users\Marco\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\WebCake (PUP.WebCake) -> Löschen bei Neustart.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebCake\WebCakeLayers.crx (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebCake\OptChrome.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebCake\sqlite3.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Löschen bei Neustart.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marco\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Löschen bei Neustart.

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c15a7aac34b94340b995d953178e1420
# engine=14289
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-06 11:26:28
# local_time=2013-07-06 01:26:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 94 8469 60243972 0 0
# compatibility_mode=5893 16776574 100 94 20553341 124739838 0 0
# scanned=112105
# found=2
# cleaned=0
# scan_time=5952
sh=BB43432A7EDB62002A68BF11FA7B4E3917774CD9 ft=1 fh=79b26677d08d08c3 vn="Win32/LockScreen.AVP trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=7C9A7F9FC3BFB7E5D34EFB95E53AC8BC6229B0E5 ft=1 fh=9edfae49678ae37d vn="probably a variant of Win32/Spy.Banker.ZBC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Marco\AppData\Roaming\BAcroIEHelpe244.dll.vir"
Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 31 
 Java version out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (22.0)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 BrowserDefender 2.6.1339.144 {c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} BrowserDefender.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Ich habe dazu die Windows Updates überprüft (laufen automatisch), den AVG2013, der sich auch automatisch aktualisiert. Dann habe ich Firefox installiert und mit den Plugins NoScript und AdBlockPlus versehen. Außerdem installiere ich noch Spywareblaster und TFC.

M-K-D-B 06.07.2013 15:43
Servus,


wir sind noch nicht fertig. So geht es weiter:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Teronius 07.07.2013 14:00

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Marco (administrator) on 07-07-2013 14:36:06
Running from C:\Users\Marco\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Plus HD) C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 [x] <===== ATTENTION
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] ()
Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=062013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4EF6F07BCB7C1C58&affID=119776&tsp=4918
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default
FF NewTab: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=4EF6F07BCB7C1C58&affID=119776&tsp=4918
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @4game.com/plugin - C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: WOT - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome:
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=062013
CHR RestoreOnStartup: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=062013", "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4EF6F07BCB7C1C58&affID=119776&tsp=4918", "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=4EF6F07BCB7C1C58&affID=119776&tsp=4918"
CHR DefaultSearchURL: (Delta Search) - hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4EF6F07BCB7C1C58&affID=119776&tsp=4918
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Delta Toolbar) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Plus-HD-2.2) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 4game-service; C:\Program Files (x86)\4game\4game-service.exe [1133056 2013-05-23] (Innova Co S.a r.l.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 14:33 - 2013-07-07 14:33 - 01934636 ____A (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2013-07-06 13:43 - 2013-07-06 13:43 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 13:42 - 2013-07-06 13:42 - 00001079 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 13:42 - 2013-07-06 13:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 13:42 - 2009-03-24 12:52 - 00129872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-07-06 11:31 - 2013-07-06 11:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-06 11:31 - 2013-07-06 11:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 11:31 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-06 11:22 - 2013-07-06 11:22 - 00000000 ____D C:\_OTL
2013-07-06 11:16 - 2013-07-06 11:04 - 00001159 ____A C:\Users\Marco\Desktop\Mozilla Firefox.lnk
2013-07-06 11:14 - 2013-07-06 11:14 - 00890988 ____A C:\Users\Marco\Desktop\SecurityCheck.exe
2013-07-06 11:13 - 2013-07-06 11:13 - 02347384 ____A (ESET) C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
2013-07-06 11:12 - 2013-07-06 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Marco\Desktop\OTL.exe
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Users\Marco\AppData\Local\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 11:03 - 2013-07-06 11:03 - 21703480 ____A (Mozilla) C:\Users\Marco\Downloads\Firefox Setup 22.0.exe
2013-06-28 03:08 - 2013-06-28 03:09 - 00000000 ____D C:\Users\Marco\AppData\Local\{263DF9C9-BA0E-4D9E-8627-E5CD89A2A6EB}
2013-06-27 15:08 - 2013-06-27 15:08 - 00000000 ____D C:\Users\Marco\AppData\Local\{39EE5898-2623-40EB-B6DD-852C9A698B0D}
2013-06-27 15:01 - 2013-06-27 15:01 - 00000950 ____A C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
2013-06-27 14:59 - 2013-06-27 15:00 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Aion-Setup-PTS.exe
2013-06-27 14:57 - 2013-06-27 14:58 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Nicht bestätigt 802797.crdownload
2013-06-24 21:14 - 2013-06-24 21:14 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-24 21:14 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\iTunes
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-24 21:13 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iPod
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-24 21:02 - 2013-06-24 21:33 - 00000000 ____D C:\Users\Marco\Desktop\Vanessa
2013-06-24 21:01 - 2013-06-24 21:02 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (2).exe
2013-06-24 21:00 - 2013-06-24 21:00 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (1).exe
2013-06-24 20:56 - 2013-06-24 20:57 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup.exe
2013-06-24 14:26 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Marco\AppData\Local\{2C9EB574-4B6A-4652-90C0-66C942478FEA}
2013-06-20 23:12 - 2013-06-20 23:12 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-20 23:12 - 2013-06-20 23:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-20 23:11 - 2013-06-20 23:11 - 01491560 ____A (Skype Technologies S.A.) C:\Users\Marco\Downloads\SkypeSetup (1).exe
2013-06-20 22:25 - 2013-06-20 22:25 - 00000000 ____D C:\Users\Marco\AppData\Local\{1DFBE738-1C14-4453-B825-977C4D5BB734}
2013-06-20 11:16 - 2013-06-20 11:16 - 00001121 ____A C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
2013-06-20 11:14 - 2013-06-20 11:14 - 09081117 ____A C:\Users\Marco\Downloads\contents.rar
2013-06-20 10:41 - 2013-06-20 10:41 - 02191154 ____A C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-06-19 23:13 - 2013-06-19 23:22 - 00000000 ____D C:\Users\Marco\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-06-19 23:10 - 2013-06-19 23:10 - 00893000 ____A (PrivitizeVPN) C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_CB2_fully_updated_client_secure.exe
2013-06-19 23:04 - 2013-06-19 23:04 - 00000000 ____D C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b
2013-06-19 21:03 - 2013-06-19 21:09 - 1072796672 ____A C:\Users\Marco\Downloads\Data6.cab
2013-06-19 21:00 - 2013-06-19 21:09 - 707215847 ____A C:\Users\Marco\Downloads\Data7.cab
2013-06-19 20:59 - 2013-06-19 21:09 - 1073265664 ____A C:\Users\Marco\Downloads\Data4.cab
2013-06-19 20:59 - 2013-06-19 21:09 - 1071889408 ____A C:\Users\Marco\Downloads\Data5.cab
2013-06-19 20:57 - 2013-06-19 21:09 - 1070653440 ____A C:\Users\Marco\Downloads\Data3.cab
2013-06-19 20:36 - 2013-07-07 14:36 - 00001198 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-06-19 20:36 - 2013-07-07 14:36 - 00001194 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-06-19 20:36 - 2013-07-07 14:36 - 00001098 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-06-19 20:36 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Delta
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Babylon
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\BabSolution
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-19 20:35 - 2013-07-07 14:35 - 00001906 ____A C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2013-06-19 20:35 - 2013-07-07 14:35 - 00001830 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-06-19 20:35 - 2013-07-06 11:42 - 00000000 ____D C:\Users\Marco\AppData\Roaming\WebCake
2013-06-19 20:35 - 2013-07-06 11:05 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Mozilla
2013-06-19 20:35 - 2013-06-19 20:36 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-06-19 18:24 - 2013-06-19 18:24 - 00000204 ____A C:\Users\Marco\Downloads\contentsFIX forerror.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000087 ____A C:\Users\Marco\Downloads\youtube_INSTALLATION-byforums.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000011 ____A C:\Users\Marco\Downloads\z9-all-mates-on-the-ship-is-my-friend.txt
2013-06-15 22:54 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 22:54 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 22:54 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 22:54 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 22:54 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:51 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:51 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:51 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:51 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:51 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:51 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:58 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:58 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:58 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:58 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:58 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:58 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:58 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:58 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 13:58 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 13:58 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:58 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:58 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 13:58 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 13:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 13:58 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 21:30 - 2013-06-11 21:31 - 00005265 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-11 21:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-11 21:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-11 21:06 - 2013-06-11 21:25 - 00000000 ____D C:\Qoobox
2013-06-11 21:06 - 2013-06-11 21:23 - 00000000 ____D C:\Windows\erdnt
2013-06-11 21:04 - 2013-06-11 21:05 - 05078680 ____A (Swearware) C:\Users\Marco\Downloads\ComboFix.exe
2013-06-11 20:58 - 2013-06-11 20:58 - 00000000 ____D C:\found.001
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 02:59 - 2012-10-24 10:16 - 04702568 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2013-06-11 02:59 - 2005-01-02 23:43 - 00004682 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2013-06-11 02:59 - 2003-07-19 08:17 - 00005174 ____A C:\Windows\SysWOW64\nppt9x.vxd
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 00:39 - 2013-06-11 02:27 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:36 - 2013-06-11 00:37 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-11 00:10 - 2013-06-11 00:10 - 00000000 ____D C:\Users\Marco\AppData\Local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
2013-06-10 22:14 - 2013-06-10 23:43 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe

==================== One Month Modified Files and Folders =======

2013-07-07 14:36 - 2013-06-19 20:36 - 00001198 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-07-07 14:36 - 2013-06-19 20:36 - 00001194 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-07-07 14:36 - 2013-06-19 20:36 - 00001098 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-07-07 14:35 - 2013-06-19 20:35 - 00001906 ____A C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2013-07-07 14:35 - 2013-06-19 20:35 - 00001830 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-07-07 14:35 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 14:35 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 14:33 - 2013-07-07 14:33 - 01934636 ____A (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2013-07-07 14:32 - 2012-02-17 02:35 - 00000000 ____D C:\ProgramData\MFAData
2013-07-07 14:28 - 2013-02-18 16:10 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Dropbox
2013-07-07 14:27 - 2012-01-10 21:14 - 00081170 ____A C:\Windows\setupact.log
2013-07-07 14:27 - 2010-11-21 05:47 - 00036570 ____A C:\Windows\PFRO.log
2013-07-07 14:27 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 14:13 - 2012-02-17 02:00 - 01299465 ____A C:\Windows\WindowsUpdate.log
2013-07-06 14:08 - 2012-02-17 02:37 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
2013-07-06 13:43 - 2013-07-06 13:43 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 13:42 - 2013-07-06 13:42 - 00001079 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 13:42 - 2013-07-06 13:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 13:08 - 2012-02-17 02:37 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
2013-07-06 11:42 - 2013-06-19 20:35 - 00000000 ____D C:\Users\Marco\AppData\Roaming\WebCake
2013-07-06 11:31 - 2013-07-06 11:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-06 11:31 - 2013-07-06 11:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 11:22 - 2013-07-06 11:22 - 00000000 ____D C:\_OTL
2013-07-06 11:19 - 2011-04-12 09:43 - 03758120 ____A C:\Windows\System32\perfh007.dat
2013-07-06 11:19 - 2011-04-12 09:43 - 01122232 ____A C:\Windows\System32\perfc007.dat
2013-07-06 11:19 - 2009-07-14 07:13 - 00005194 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 11:14 - 2013-07-06 11:14 - 00890988 ____A C:\Users\Marco\Desktop\SecurityCheck.exe
2013-07-06 11:13 - 2013-07-06 11:13 - 02347384 ____A (ESET) C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
2013-07-06 11:12 - 2013-07-06 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Marco\Desktop\OTL.exe
2013-07-06 11:05 - 2013-06-19 20:35 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Mozilla
2013-07-06 11:04 - 2013-07-06 11:16 - 00001159 ____A C:\Users\Marco\Desktop\Mozilla Firefox.lnk
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Users\Marco\AppData\Local\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 11:04 - 2013-06-19 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-06 11:03 - 2013-07-06 11:03 - 21703480 ____A (Mozilla) C:\Users\Marco\Downloads\Firefox Setup 22.0.exe
2013-07-06 11:02 - 2012-03-08 14:01 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Skype
2013-07-04 20:40 - 2012-09-20 12:09 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Spotify
2013-07-04 11:20 - 2012-09-20 12:10 - 00000000 ____D C:\Users\Marco\AppData\Local\Spotify
2013-06-28 03:09 - 2013-06-28 03:08 - 00000000 ____D C:\Users\Marco\AppData\Local\{263DF9C9-BA0E-4D9E-8627-E5CD89A2A6EB}
2013-06-27 15:08 - 2013-06-27 15:08 - 00000000 ____D C:\Users\Marco\AppData\Local\{39EE5898-2623-40EB-B6DD-852C9A698B0D}
2013-06-27 15:03 - 2012-02-17 02:46 - 00517694 ____A C:\Windows\DirectX.log
2013-06-27 15:01 - 2013-06-27 15:01 - 00000950 ____A C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
2013-06-27 15:00 - 2013-06-27 14:59 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Aion-Setup-PTS.exe
2013-06-27 14:58 - 2013-06-27 14:57 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Nicht bestätigt 802797.crdownload
2013-06-24 21:33 - 2013-06-24 21:02 - 00000000 ____D C:\Users\Marco\Desktop\Vanessa
2013-06-24 21:14 - 2013-06-24 21:14 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iTunes
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-24 21:13 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iPod
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-24 21:02 - 2013-06-24 21:01 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (2).exe
2013-06-24 21:00 - 2013-06-24 21:00 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (1).exe
2013-06-24 20:57 - 2013-06-24 20:56 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup.exe
2013-06-24 14:26 - 2013-06-24 14:26 - 00000000 ____D C:\Users\Marco\AppData\Local\{2C9EB574-4B6A-4652-90C0-66C942478FEA}
2013-06-20 23:12 - 2013-06-20 23:12 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-20 23:12 - 2013-06-20 23:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-20 23:12 - 2012-03-08 14:01 - 00000000 ____D C:\ProgramData\Skype
2013-06-20 23:11 - 2013-06-20 23:11 - 01491560 ____A (Skype Technologies S.A.) C:\Users\Marco\Downloads\SkypeSetup (1).exe
2013-06-20 22:25 - 2013-06-20 22:25 - 00000000 ____D C:\Users\Marco\AppData\Local\{1DFBE738-1C14-4453-B825-977C4D5BB734}
2013-06-20 11:16 - 2013-06-20 11:16 - 00001121 ____A C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
2013-06-20 11:14 - 2013-06-20 11:14 - 09081117 ____A C:\Users\Marco\Downloads\contents.rar
2013-06-20 10:47 - 2012-02-23 20:37 - 00000000 ____D C:\Users\Marco\AppData\Roaming\uTorrent
2013-06-20 10:41 - 2013-06-20 10:41 - 02191154 ____A C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-06-19 23:22 - 2013-06-19 23:13 - 00000000 ____D C:\Users\Marco\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-06-19 23:10 - 2013-06-19 23:10 - 00893000 ____A (PrivitizeVPN) C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_CB2_fully_updated_client_secure.exe
2013-06-19 23:04 - 2013-06-19 23:04 - 00000000 ____D C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b
2013-06-19 21:09 - 2013-06-19 21:03 - 1072796672 ____A C:\Users\Marco\Downloads\Data6.cab
2013-06-19 21:09 - 2013-06-19 21:00 - 707215847 ____A C:\Users\Marco\Downloads\Data7.cab
2013-06-19 21:09 - 2013-06-19 20:59 - 1073265664 ____A C:\Users\Marco\Downloads\Data4.cab
2013-06-19 21:09 - 2013-06-19 20:59 - 1071889408 ____A C:\Users\Marco\Downloads\Data5.cab
2013-06-19 21:09 - 2013-06-19 20:57 - 1070653440 ____A C:\Users\Marco\Downloads\Data3.cab
2013-06-19 21:09 - 2012-06-15 20:45 - 1069329408 ____A C:\Users\Marco\Downloads\data2.cab
2013-06-19 21:09 - 2012-06-15 20:45 - 1027225600 ____A C:\Users\Marco\Downloads\data1.cab
2013-06-19 21:05 - 2012-06-15 20:46 - 136678121 ____A (InstallShield Software Corporation) C:\Users\Marco\Downloads\Setup.exe
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Delta
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Babylon
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Users\Marco\AppData\Roaming\BabSolution
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\ProgramData\Babylon
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-06-19 20:36 - 2013-06-19 20:35 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-06-19 18:24 - 2013-06-19 18:24 - 00000204 ____A C:\Users\Marco\Downloads\contentsFIX forerror.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000087 ____A C:\Users\Marco\Downloads\youtube_INSTALLATION-byforums.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000011 ____A C:\Users\Marco\Downloads\z9-all-mates-on-the-ship-is-my-friend.txt
2013-06-14 22:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:52 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 01:48 - 2013-01-15 22:31 - 00000000 ____D C:\Users\Marco\AppData\Local\PMB Files
2013-06-12 22:43 - 2013-01-15 22:31 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-11 21:31 - 2013-06-11 21:30 - 00005265 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:25 - 2013-06-11 21:06 - 00000000 ____D C:\Qoobox
2013-06-11 21:25 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-11 21:23 - 2013-06-11 21:06 - 00000000 ____D C:\Windows\erdnt
2013-06-11 21:20 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-11 21:05 - 2013-06-11 21:04 - 05078680 ____A (Swearware) C:\Users\Marco\Downloads\ComboFix.exe
2013-06-11 20:58 - 2013-06-11 20:58 - 00000000 ____D C:\found.001
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 02:27 - 2013-06-11 00:39 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:39 - 2012-02-17 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-11 00:37 - 2013-06-11 00:36 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-11 00:10 - 2013-06-11 00:10 - 00000000 ____D C:\Users\Marco\AppData\Local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
2013-06-11 00:09 - 2012-03-09 19:26 - 00000000 ____D C:\Users\Marco\Tracing
2013-06-10 23:59 - 2012-02-17 02:42 - 00000000 ____D C:\Users\Marco\AppData\Local\Windows Live
2013-06-10 23:43 - 2013-06-10 22:14 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe
2013-06-08 16:08 - 2013-06-15 22:54 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 22:54 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 22:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 22:54 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 22:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 12:17

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Marco at 2013-07-07 14:37:11
Running from C:\Users\Marco\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

4game (x32 Version: 3.1.0.154)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AION Free-To-Play (x32 Version: 2.70.0000)
AION Free-to-Play PTS Client Version 1.0 (x32 Version: 1.0)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61205.2219)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.24)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Bandisoft MPEG-1 Decoder (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.35)
BrowserDefender (x32)
Canon LBP7010C/7018C
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center InstallProxy (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Localization All (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center Localization All (x32 Version: 2011.1205.2215.39827)
CCC Help Chinese Standard (x32 Version: 2010.0825.2204.37769)
CCC Help Chinese Standard (x32 Version: 2011.1205.2214.39827)
CCC Help Chinese Traditional (x32 Version: 2010.0825.2204.37769)
CCC Help Chinese Traditional (x32 Version: 2011.1205.2214.39827)
CCC Help Czech (x32 Version: 2010.0825.2204.37769)
CCC Help Czech (x32 Version: 2011.1205.2214.39827)
CCC Help Danish (x32 Version: 2010.0825.2204.37769)
CCC Help Danish (x32 Version: 2011.1205.2214.39827)
CCC Help Dutch (x32 Version: 2010.0825.2204.37769)
CCC Help Dutch (x32 Version: 2011.1205.2214.39827)
CCC Help English (x32 Version: 2010.0825.2204.37769)
CCC Help English (x32 Version: 2011.1205.2214.39827)
CCC Help Finnish (x32 Version: 2010.0825.2204.37769)
CCC Help Finnish (x32 Version: 2011.1205.2214.39827)
CCC Help French (x32 Version: 2010.0825.2204.37769)
CCC Help French (x32 Version: 2011.1205.2214.39827)
CCC Help German (x32 Version: 2010.0825.2204.37769)
CCC Help German (x32 Version: 2011.1205.2214.39827)
CCC Help Greek (x32 Version: 2010.0825.2204.37769)
CCC Help Greek (x32 Version: 2011.1205.2214.39827)
CCC Help Hungarian (x32 Version: 2010.0825.2204.37769)
CCC Help Hungarian (x32 Version: 2011.1205.2214.39827)
CCC Help Italian (x32 Version: 2010.0825.2204.37769)
CCC Help Italian (x32 Version: 2011.1205.2214.39827)
CCC Help Japanese (x32 Version: 2010.0825.2204.37769)
CCC Help Japanese (x32 Version: 2011.1205.2214.39827)
CCC Help Korean (x32 Version: 2010.0825.2204.37769)
CCC Help Korean (x32 Version: 2011.1205.2214.39827)
CCC Help Norwegian (x32 Version: 2010.0825.2204.37769)
CCC Help Norwegian (x32 Version: 2011.1205.2214.39827)
CCC Help Polish (x32 Version: 2010.0825.2204.37769)
CCC Help Polish (x32 Version: 2011.1205.2214.39827)
CCC Help Portuguese (x32 Version: 2010.0825.2204.37769)
CCC Help Portuguese (x32 Version: 2011.1205.2214.39827)
CCC Help Russian (x32 Version: 2010.0825.2204.37769)
CCC Help Russian (x32 Version: 2011.1205.2214.39827)
CCC Help Spanish (x32 Version: 2010.0825.2204.37769)
CCC Help Spanish (x32 Version: 2011.1205.2214.39827)
CCC Help Swedish (x32 Version: 2010.0825.2204.37769)
CCC Help Swedish (x32 Version: 2011.1205.2214.39827)
CCC Help Thai (x32 Version: 2010.0825.2204.37769)
CCC Help Thai (x32 Version: 2011.1205.2214.39827)
CCC Help Turkish (x32 Version: 2010.0825.2204.37769)
CCC Help Turkish (x32 Version: 2011.1205.2214.39827)
ccc-core-static (x32 Version: 2010.0825.2205.37769)
ccc-utility64 (Version: 2010.0825.2205.37769)
ccc-utility64 (Version: 2011.1205.2215.39827)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
жÔØÌì½¾II (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Delta Chrome Toolbar (x32)
Delta toolbar  (x32 Version: 1.8.21.5)
DivX-Setup (x32 Version: 2.6.1.5)
Dropbox (HKCU Version: 2.0.22)
EA Download Manager (x32 Version: 6.0.4.124)
EA Download Manager UI (x32 Version: 6.0.4)
EA Download Manager UI (x32 Version: 6.0.4.124)
Free M4a to MP3 Converter 7.0 (x32)
Free YouTube Download version 3.1.42.1212 (x32 Version: 3.1.42.1212)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Google Chrome (HKCU Version: 27.0.1453.116)
Harry Potter und die Heiligtümer des Todes™ - Teil 1 (x32 Version: 1.0.0.0)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2202)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.00.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lineage II (HKCU)
LineageII DE (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MyFreeCodec (HKCU)
NC Launcher (GameForge) (x32)
NCsoft Launcher (x32 Version: 1.5.19002)
Nexon Game Manager (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
Plus-HD-2.2 (x32 Version: 1.27.153.6)
PS3 Media Server (x32 Version: 1.72.0)
PX Profile Update (x32 Version: 1.00.1.)
Samsung Kies (x32 Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
TeamSpeak 3 Client (Version: 3.0.6)
TeamSpeak 3 Client (x32 Version: 3.0.10)
TERA (x32 Version: 19.04.02.03.hf3)
TornTV (x32 Version: 2.1 Build 26473)
Uninstall World of Qin 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (x32 Version: 2.0.0)
WebCake 3.00 (Version: 3.00)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
World of Qin 2 Version 2100 (x32 Version: 2100)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (x32 Version: 1.00.0000)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-11 21:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {032E1C2B-CCBA-49AA-87AF-8C6C172FEDBA} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-19] (Plus HD)
Task: {06AEBAF2-609F-4539-901C-EA0DA9B6001F} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-06-19] (Plus HD)
Task: {1313D81F-9452-4514-8434-48807B884A73} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {32596267-4E7E-4249-94C5-8A116D788ACF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {404A1974-1BC7-4A6B-BEDE-DC9E9E2754A2} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe [2013-06-19] (Plus HD)
Task: {41AE3AA7-C755-40D3-BC51-77603BC9EA30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {4618AB8E-AF0D-4695-8D96-579E6B97933D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {487770F2-26DA-491F-BBF6-E26716BA093C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1894934171-1551603685-868937202-1000
Task: {521DFFD5-1380-4632-9B8E-BD0226F3A57C} - System32\Tasks\EPUpdater => C:\Users\Marco\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {5469661E-6DF7-4224-8BCF-9A5EA9B3E6D7} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-06-19] (Plus HD)
Task: {707DD0F8-A7C3-4CFC-852E-5400FD211B0F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9DE07357-8231-4739-8C74-24D6125D0FFF} - System32\Tasks\Video Performer => C:\Users\Marco\AppData\Local\Temp\Video Performer63413.exe No File
Task: {B1E804F1-9CDF-4A47-9272-CD8720111FD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BFEE31D2-05BE-46A1-A360-9D68869C9A34} - System32\Tasks\Google Updater and Installer => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {D16101E1-2ABA-4794-BD28-1CAACDDA1873} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {DD2087D3-41F6-4238-9140-6A105273C65D} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-06-19] (Plus HD)
Task: {EB86666A-38FD-437B-801F-E826A3083CCA} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2013 02:27:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 01:27:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/06/2013 11:45:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/06/2013 11:45:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/06/2013 11:45:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/06/2013 11:43:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 11:27:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (07/07/2013 02:27:49 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/07/2013 02:27:48 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/07/2013 02:27:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "4game-service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/07/2013 02:27:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst 4game-service erreicht.

Error: (07/06/2013 02:13:13 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/06/2013 02:13:09 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/06/2013 01:43:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserDefendert" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/06/2013 01:43:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/06/2013 00:52:20 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (07/06/2013 11:46:41 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{53CA3E99-806F-4A13-8C18-5E7C03514239}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================
Error: (07/07/2013 02:27:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 01:27:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/06/2013 11:45:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marco\Desktop\esetsmartinstaller_enu.exe

Error: (07/06/2013 11:45:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marco\Desktop\esetsmartinstaller_enu.exe

Error: (07/06/2013 11:45:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marco\Desktop\esetsmartinstaller_enu.exe

Error: (07/06/2013 11:43:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 11:27:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/06/2013 11:19:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-06-24 21:02:40.131
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-24 21:02:40.042
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-11 21:16:36.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-11 21:16:36.301
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3828.48 MB
Available physical RAM: 1946.38 MB
Total Pagefile: 7655.15 MB
Available Pagefile: 5547.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:2.61 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:356.01 GB) (Free:170.38 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 682B5DD9)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=356 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 08.07.2013 14:44
Servus,


der Rechner ist wieder infiziert.... keine Ahnung, wie du das wieder angestellt hast... :wtf:


So geht es weiter:




Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • BrowserDefender
    • Delta Chrome Toolbar
    • Delta toolbar
    • Plus-HD-2.2
    • TornTV
    • WebCake 3.00
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





AdwCleaner bitte zweimal direkt hintereinander genau so ausführen und beide Logdateien davon posten!

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
Kontrollscan mit FRST
Setze einen Haken bei Addition.txt und führe wie zuvor beschrieben einen Scan mit FRST aus. Poste mir beide Testdateien wieder.





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von AdwCleaner,
  • die Logdatei von JRT,
  • die beiden Logdateien von FRST.

Teronius 08.07.2013 18:47
Ich habe meinem Freund gerade verboten, seinen besten Freund an den Laptop zu lassen... -.- jedesmal wenn der dran ist, läd er irgendwelche komischen chinesischen Spiele oder so runter... wahrscheinlich fängt er sich damit sonst immer was mit ein.

Hier die Scans:

Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 19:29:01 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Marco - MARCITO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marco\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\bprotector_extensions.sqlite
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Marco\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\Marco\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f5388dfe06dba48
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.39] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.42] : keyword = "delta-search.com",
Gelöscht [l.46] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4EF6F07BCB7C1C[...]
Gelöscht [l.2864] : urls_to_restore_on_startup = ["hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=062013", "hxxp://se[...]

*************************

AdwCleaner[S1].txt - [5265 octets] - [11/06/2013 21:30:48]
AdwCleaner[S2].txt - [4412 octets] - [08/07/2013 19:29:01]

########## EOF - C:\AdwCleaner[S2].txt - [4472 octets] ##########
Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 19:32:27 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Marco - MARCITO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marco\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5265 octets] - [11/06/2013 21:30:48]
AdwCleaner[S2].txt - [4535 octets] - [08/07/2013 19:29:01]
AdwCleaner[S3].txt - [1252 octets] - [08/07/2013 19:32:27]

########## EOF - C:\AdwCleaner[S3].txt - [1312 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows 7 Ultimate x64
Ran by Marco on 08.07.2013 at 19:37:41,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\InstallBrainService"
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{0D0125CD-69E3-4FE2-88C8-EDCDC72E5D01}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{11A11427-9A87-4B75-9720-46D7B9653E6B}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{13D9077B-8607-4F4C-B8EF-C61897481EA5}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{1C0CF29B-EAEC-403C-A5BB-779E17310447}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{1DFBE738-1C14-4453-B825-977C4D5BB734}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{1E740DE8-C03D-44DE-97C7-D263C26BF612}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{263DF9C9-BA0E-4D9E-8627-E5CD89A2A6EB}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{2BBC6D37-579A-46FF-9768-F265319B12E3}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{2C9EB574-4B6A-4652-90C0-66C942478FEA}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{2D59AAD6-512C-49C4-AEC6-9392EF9976CB}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{39EE5898-2623-40EB-B6DD-852C9A698B0D}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{428DD8E1-EBB9-4A84-8C12-6759EA983A24}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{4512583B-8E36-4FA1-A050-3D0287630B88}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{51775395-2040-4768-B6FF-971FE9891634}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{56D66DC7-9B71-481D-BA76-432B80801929}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{651CC836-8A31-4EE5-9BBA-2B38FD573369}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{676305F6-3DFF-4D4A-A167-B71411151592}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{75D42D8B-63B0-465F-BFCF-A60FEFFACA7E}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{76DEBAAF-132C-4DF4-9FBB-F9800AF448B8}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{7734BE97-9A5C-4DFB-A3F5-C18B45A940EB}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{834F6AF6-F2FC-4C0E-B5B6-73D0370BE159}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{83E77011-4111-4F09-8B0C-D5F4AC0B8D54}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{9354662D-EDE0-413A-8036-6918EAA4E21B}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{9F43D4E1-2AB1-4B6B-8931-B4F68867BA32}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{A7B95211-B849-417A-BA4F-6785DE01F439}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{A9E229CF-EBEA-46E6-9D1A-F67A08D600E1}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{B317B55F-4F0C-4E3E-9ED8-076C36D88255}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{E4A5C2D0-622B-46FF-9D8A-F0BFAB25CB9E}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{EACA697C-D027-400F-B7C1-C43EA5364EF7}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{EB014821-7682-4978-9B37-3597CA44F70F}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{F93802F5-5FA5-475D-8556-52CCC9EF7D6D}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{FAAA4D2C-82C3-40C6-998A-A4E8F3816798}
Successfully deleted: [Empty Folder] C:\Users\Marco\appdata\local\{FE2B16B9-F74F-43CA-B5A8-129C8F595C7E}



~~~ FireFox

Successfully deleted: [File] C:\Users\Marco\AppData\Roaming\mozilla\firefox\profiles\lnnh5lt1.default\invalidprefs.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2013 at 19:41:20,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Marco (administrator) on 08-07-2013 19:41:41
Running from C:\Users\Marco\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Innova Co S.a r.l.) C:\Program Files (x86)\4game\4game-service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Dropbox, Inc.) C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKCU\...\Run: [PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 [x] <===== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @4game.com/plugin - C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: WOT - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome:
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP&dt=062013
CHR DefaultSearchURL: (Delta Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marco\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Marco\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 4game-service; C:\Program Files (x86)\4game\4game-service.exe [1133056 2013-05-23] (Innova Co S.a r.l.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-08 19:41 - 2013-07-08 19:41 - 00004330 ____A C:\Users\Marco\Desktop\JRT.txt
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\JRT
2013-07-08 19:37 - 2013-07-08 19:36 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Marco\Desktop\JRT.exe
2013-07-08 19:34 - 2013-07-08 19:34 - 00001381 ____A C:\Users\Marco\Desktop\AdwCleaner[S3].txt
2013-07-08 19:32 - 2013-07-08 19:32 - 00001381 ____A C:\AdwCleaner[S3].txt
2013-07-08 19:31 - 2013-07-08 19:31 - 00004535 ____A C:\Users\Marco\Desktop\AdwCleaner[S2].txt
2013-07-08 19:29 - 2013-07-08 19:29 - 00004535 ____A C:\AdwCleaner[S2].txt
2013-07-08 19:29 - 2013-07-08 19:29 - 00000098 ____A C:\Windows\DeleteOnReboot.bat
2013-07-08 19:28 - 2013-07-08 19:28 - 00650027 ____A C:\Users\Marco\Desktop\adwcleaner.exe
2013-07-07 14:33 - 2013-07-07 14:33 - 01934636 ____A (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2013-07-06 13:43 - 2013-07-06 13:43 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 13:42 - 2013-07-06 13:42 - 00001079 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 13:42 - 2013-07-06 13:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 13:42 - 2009-03-24 12:52 - 00129872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-07-06 11:31 - 2013-07-06 11:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-06 11:31 - 2013-07-06 11:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 11:31 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-06 11:22 - 2013-07-06 11:22 - 00000000 ____D C:\_OTL
2013-07-06 11:16 - 2013-07-06 11:04 - 00001159 ____A C:\Users\Marco\Desktop\Mozilla Firefox.lnk
2013-07-06 11:14 - 2013-07-06 11:14 - 00890988 ____A C:\Users\Marco\Desktop\SecurityCheck.exe
2013-07-06 11:13 - 2013-07-06 11:13 - 02347384 ____A (ESET) C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
2013-07-06 11:12 - 2013-07-06 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Marco\Desktop\OTL.exe
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Users\Marco\AppData\Local\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 11:03 - 2013-07-06 11:03 - 21703480 ____A (Mozilla) C:\Users\Marco\Downloads\Firefox Setup 22.0.exe
2013-06-27 15:01 - 2013-06-27 15:01 - 00000950 ____A C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
2013-06-27 14:59 - 2013-06-27 15:00 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Aion-Setup-PTS.exe
2013-06-27 14:57 - 2013-06-27 14:58 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Nicht bestätigt 802797.crdownload
2013-06-24 21:14 - 2013-06-24 21:14 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-24 21:14 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\iTunes
2013-06-24 21:13 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-24 21:13 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iPod
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-24 21:02 - 2013-06-24 21:33 - 00000000 ____D C:\Users\Marco\Desktop\Vanessa
2013-06-24 21:01 - 2013-06-24 21:02 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (2).exe
2013-06-24 21:00 - 2013-06-24 21:00 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (1).exe
2013-06-24 20:56 - 2013-06-24 20:57 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup.exe
2013-06-20 23:12 - 2013-06-20 23:12 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-20 23:12 - 2013-06-20 23:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-20 23:11 - 2013-06-20 23:11 - 01491560 ____A (Skype Technologies S.A.) C:\Users\Marco\Downloads\SkypeSetup (1).exe
2013-06-20 11:16 - 2013-06-20 11:16 - 00001121 ____A C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
2013-06-20 11:14 - 2013-06-20 11:14 - 09081117 ____A C:\Users\Marco\Downloads\contents.rar
2013-06-20 10:41 - 2013-06-20 10:41 - 02191154 ____A C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-06-19 23:13 - 2013-06-19 23:22 - 00000000 ____D C:\Users\Marco\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-06-19 23:10 - 2013-06-19 23:10 - 00893000 ____A (PrivitizeVPN) C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_CB2_fully_updated_client_secure.exe
2013-06-19 23:04 - 2013-06-19 23:04 - 00000000 ____D C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b
2013-06-19 21:03 - 2013-06-19 21:09 - 1072796672 ____A C:\Users\Marco\Downloads\Data6.cab
2013-06-19 21:00 - 2013-06-19 21:09 - 707215847 ____A C:\Users\Marco\Downloads\Data7.cab
2013-06-19 20:59 - 2013-06-19 21:09 - 1073265664 ____A C:\Users\Marco\Downloads\Data4.cab
2013-06-19 20:59 - 2013-06-19 21:09 - 1071889408 ____A C:\Users\Marco\Downloads\Data5.cab
2013-06-19 20:57 - 2013-06-19 21:09 - 1070653440 ____A C:\Users\Marco\Downloads\Data3.cab
2013-06-19 20:36 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-19 20:35 - 2013-07-06 11:05 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Mozilla
2013-06-19 18:24 - 2013-06-19 18:24 - 00000204 ____A C:\Users\Marco\Downloads\contentsFIX forerror.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000087 ____A C:\Users\Marco\Downloads\youtube_INSTALLATION-byforums.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000011 ____A C:\Users\Marco\Downloads\z9-all-mates-on-the-ship-is-my-friend.txt
2013-06-15 22:54 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 22:54 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 22:54 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 22:54 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 22:54 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 22:54 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 22:54 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:51 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:51 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:51 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:51 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:51 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:51 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:51 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:51 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 13:58 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:58 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:58 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:58 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:58 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:58 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:58 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:58 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:58 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 13:58 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 13:58 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:58 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:58 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 13:58 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 13:58 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 13:58 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 13:58 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 21:30 - 2013-06-11 21:31 - 00005265 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-11 21:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-11 21:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-11 21:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-11 21:06 - 2013-06-11 21:25 - 00000000 ____D C:\Qoobox
2013-06-11 21:06 - 2013-06-11 21:23 - 00000000 ____D C:\Windows\erdnt
2013-06-11 21:04 - 2013-06-11 21:05 - 05078680 ____A (Swearware) C:\Users\Marco\Downloads\ComboFix.exe
2013-06-11 20:58 - 2013-06-11 20:58 - 00000000 ____D C:\found.001
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 02:59 - 2012-10-24 10:16 - 04702568 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2013-06-11 02:59 - 2005-01-02 23:43 - 00004682 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2013-06-11 02:59 - 2003-07-19 08:17 - 00005174 ____A C:\Windows\SysWOW64\nppt9x.vxd
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 00:39 - 2013-06-11 02:27 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:36 - 2013-06-11 00:37 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-10 22:14 - 2013-06-10 23:43 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe

==================== One Month Modified Files and Folders =======

2013-07-08 19:41 - 2013-07-08 19:41 - 00004330 ____A C:\Users\Marco\Desktop\JRT.txt
2013-07-08 19:41 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 19:41 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 19:37 - 2013-07-08 19:37 - 00000000 ____D C:\JRT
2013-07-08 19:36 - 2013-07-08 19:37 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Marco\Desktop\JRT.exe
2013-07-08 19:34 - 2013-07-08 19:34 - 00001381 ____A C:\Users\Marco\Desktop\AdwCleaner[S3].txt
2013-07-08 19:34 - 2013-02-18 16:10 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Dropbox
2013-07-08 19:33 - 2012-01-10 21:14 - 00081450 ____A C:\Windows\setupact.log
2013-07-08 19:33 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 19:32 - 2013-07-08 19:32 - 00001381 ____A C:\AdwCleaner[S3].txt
2013-07-08 19:31 - 2013-07-08 19:31 - 00004535 ____A C:\Users\Marco\Desktop\AdwCleaner[S2].txt
2013-07-08 19:30 - 2010-11-21 05:47 - 00039160 ____A C:\Windows\PFRO.log
2013-07-08 19:29 - 2013-07-08 19:29 - 00004535 ____A C:\AdwCleaner[S2].txt
2013-07-08 19:29 - 2013-07-08 19:29 - 00000098 ____A C:\Windows\DeleteOnReboot.bat
2013-07-08 19:29 - 2012-02-17 02:00 - 01360878 ____A C:\Windows\WindowsUpdate.log
2013-07-08 19:28 - 2013-07-08 19:28 - 00650027 ____A C:\Users\Marco\Desktop\adwcleaner.exe
2013-07-08 19:08 - 2012-02-17 02:37 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
2013-07-08 18:59 - 2012-02-17 02:35 - 00000000 ____D C:\ProgramData\MFAData
2013-07-07 14:33 - 2013-07-07 14:33 - 01934636 ____A (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2013-07-06 13:43 - 2013-07-06 13:43 - 00000000 ____D C:\ProgramData\Licenses
2013-07-06 13:42 - 2013-07-06 13:42 - 00001079 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-06 13:42 - 2013-07-06 13:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-07-06 13:08 - 2012-02-17 02:37 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
2013-07-06 11:31 - 2013-07-06 11:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-06 11:31 - 2013-07-06 11:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-06 11:22 - 2013-07-06 11:22 - 00000000 ____D C:\_OTL
2013-07-06 11:19 - 2011-04-12 09:43 - 03758120 ____A C:\Windows\System32\perfh007.dat
2013-07-06 11:19 - 2011-04-12 09:43 - 01122232 ____A C:\Windows\System32\perfc007.dat
2013-07-06 11:19 - 2009-07-14 07:13 - 00005194 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 11:14 - 2013-07-06 11:14 - 00890988 ____A C:\Users\Marco\Desktop\SecurityCheck.exe
2013-07-06 11:13 - 2013-07-06 11:13 - 02347384 ____A (ESET) C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
2013-07-06 11:12 - 2013-07-06 11:12 - 00602112 ____A (OldTimer Tools) C:\Users\Marco\Desktop\OTL.exe
2013-07-06 11:05 - 2013-06-19 20:35 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Mozilla
2013-07-06 11:04 - 2013-07-06 11:16 - 00001159 ____A C:\Users\Marco\Desktop\Mozilla Firefox.lnk
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Users\Marco\AppData\Local\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-06 11:04 - 2013-07-06 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 11:04 - 2013-06-19 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-06 11:03 - 2013-07-06 11:03 - 21703480 ____A (Mozilla) C:\Users\Marco\Downloads\Firefox Setup 22.0.exe
2013-07-06 11:02 - 2012-03-08 14:01 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Skype
2013-07-04 20:40 - 2012-09-20 12:09 - 00000000 ____D C:\Users\Marco\AppData\Roaming\Spotify
2013-07-04 11:20 - 2012-09-20 12:10 - 00000000 ____D C:\Users\Marco\AppData\Local\Spotify
2013-06-27 15:03 - 2012-02-17 02:46 - 00517694 ____A C:\Windows\DirectX.log
2013-06-27 15:01 - 2013-06-27 15:01 - 00000950 ____A C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
2013-06-27 15:00 - 2013-06-27 14:59 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Aion-Setup-PTS.exe
2013-06-27 14:58 - 2013-06-27 14:57 - 102878296 ____A (Gameforge                                                  ) C:\Users\Marco\Downloads\Nicht bestätigt 802797.crdownload
2013-06-24 21:33 - 2013-06-24 21:02 - 00000000 ____D C:\Users\Marco\Desktop\Vanessa
2013-06-24 21:14 - 2013-06-24 21:14 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iTunes
2013-06-24 21:14 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-24 21:13 - 2013-06-24 21:13 - 00000000 ____D C:\Program Files\iPod
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-24 21:06 - 2013-06-24 21:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-06-24 21:02 - 2013-06-24 21:01 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (2).exe
2013-06-24 21:00 - 2013-06-24 21:00 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup (1).exe
2013-06-24 20:57 - 2013-06-24 20:56 - 89111376 ____A (Apple Inc.) C:\Users\Marco\Downloads\iTunesSetup.exe
2013-06-20 23:12 - 2013-06-20 23:12 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-20 23:12 - 2013-06-20 23:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-20 23:12 - 2012-03-08 14:01 - 00000000 ____D C:\ProgramData\Skype
2013-06-20 23:11 - 2013-06-20 23:11 - 01491560 ____A (Skype Technologies S.A.) C:\Users\Marco\Downloads\SkypeSetup (1).exe
2013-06-20 11:16 - 2013-06-20 11:16 - 00001121 ____A C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
2013-06-20 11:14 - 2013-06-20 11:14 - 09081117 ____A C:\Users\Marco\Downloads\contents.rar
2013-06-20 10:47 - 2012-02-23 20:37 - 00000000 ____D C:\Users\Marco\AppData\Roaming\uTorrent
2013-06-20 10:41 - 2013-06-20 10:41 - 02191154 ____A C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-06-19 23:22 - 2013-06-19 23:13 - 00000000 ____D C:\Users\Marco\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-06-19 23:10 - 2013-06-19 23:10 - 00893000 ____A (PrivitizeVPN) C:\Users\Marco\Downloads\Atomix_Blade_and_Soul_CB2_fully_updated_client_secure.exe
2013-06-19 23:04 - 2013-06-19 23:04 - 00000000 ____D C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b
2013-06-19 21:09 - 2013-06-19 21:03 - 1072796672 ____A C:\Users\Marco\Downloads\Data6.cab
2013-06-19 21:09 - 2013-06-19 21:00 - 707215847 ____A C:\Users\Marco\Downloads\Data7.cab
2013-06-19 21:09 - 2013-06-19 20:59 - 1073265664 ____A C:\Users\Marco\Downloads\Data4.cab
2013-06-19 21:09 - 2013-06-19 20:59 - 1071889408 ____A C:\Users\Marco\Downloads\Data5.cab
2013-06-19 21:09 - 2013-06-19 20:57 - 1070653440 ____A C:\Users\Marco\Downloads\Data3.cab
2013-06-19 21:09 - 2012-06-15 20:45 - 1069329408 ____A C:\Users\Marco\Downloads\data2.cab
2013-06-19 21:09 - 2012-06-15 20:45 - 1027225600 ____A C:\Users\Marco\Downloads\data1.cab
2013-06-19 21:05 - 2012-06-15 20:46 - 136678121 ____A (InstallShield Software Corporation) C:\Users\Marco\Downloads\Setup.exe
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-19 20:36 - 2013-06-19 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-19 18:24 - 2013-06-19 18:24 - 00000204 ____A C:\Users\Marco\Downloads\contentsFIX forerror.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000087 ____A C:\Users\Marco\Downloads\youtube_INSTALLATION-byforums.txt
2013-06-19 18:24 - 2013-06-19 18:24 - 00000011 ____A C:\Users\Marco\Downloads\z9-all-mates-on-the-ship-is-my-friend.txt
2013-06-14 22:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 01:52 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 01:48 - 2013-01-15 22:31 - 00000000 ____D C:\Users\Marco\AppData\Local\PMB Files
2013-06-12 22:43 - 2013-01-15 22:31 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-11 21:31 - 2013-06-11 21:30 - 00005265 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:25 - 2013-06-11 21:06 - 00000000 ____D C:\Qoobox
2013-06-11 21:25 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-11 21:23 - 2013-06-11 21:06 - 00000000 ____D C:\Windows\erdnt
2013-06-11 21:20 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-11 21:05 - 2013-06-11 21:04 - 05078680 ____A (Swearware) C:\Users\Marco\Downloads\ComboFix.exe
2013-06-11 20:58 - 2013-06-11 20:58 - 00000000 ____D C:\found.001
2013-06-11 20:11 - 2013-06-11 20:11 - 00000000 ____D C:\FRST
2013-06-11 02:58 - 2013-06-11 02:58 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2013-06-11 02:27 - 2013-06-11 02:27 - 00002094 ____A C:\Users\Marco\Desktop\Lineage II.lnk
2013-06-11 02:27 - 2013-06-11 00:39 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-06-11 00:39 - 2013-06-11 00:39 - 00002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2013-06-11 00:39 - 2012-02-17 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-11 00:37 - 2013-06-11 00:36 - 06523640 ____A (Macrovision Corporation) C:\Users\Marco\Downloads\NCsoftLauncherSetup.exe
2013-06-11 00:09 - 2012-03-09 19:26 - 00000000 ____D C:\Users\Marco\Tracing
2013-06-10 23:59 - 2012-02-17 02:42 - 00000000 ____D C:\Users\Marco\AppData\Local\Windows Live
2013-06-10 23:43 - 2013-06-10 22:14 - 00000000 ____D C:\Program Files (x86)\4game
2013-06-10 22:13 - 2013-06-10 22:13 - 04711472 ____A (Innova Co S.a r.l.) C:\Users\Marco\Downloads\lineage2de_setup-de.exe
2013-06-08 16:08 - 2013-06-15 22:54 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 22:54 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 22:54 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 22:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 22:54 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 22:54 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 22:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 12:17

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Marco at 2013-07-08 19:42:30
Running from C:\Users\Marco\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

4game (x32 Version: 3.1.0.154)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AION Free-To-Play (x32 Version: 2.70.0000)
AION Free-to-Play PTS Client Version 1.0 (x32 Version: 1.0)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61205.2219)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.24)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Bandisoft MPEG-1 Decoder (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.35)
Canon LBP7010C/7018C
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center InstallProxy (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Localization All (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center Localization All (x32 Version: 2011.1205.2215.39827)
CCC Help Chinese Standard (x32 Version: 2010.0825.2204.37769)
CCC Help Chinese Standard (x32 Version: 2011.1205.2214.39827)
CCC Help Chinese Traditional (x32 Version: 2010.0825.2204.37769)
CCC Help Chinese Traditional (x32 Version: 2011.1205.2214.39827)
CCC Help Czech (x32 Version: 2010.0825.2204.37769)
CCC Help Czech (x32 Version: 2011.1205.2214.39827)
CCC Help Danish (x32 Version: 2010.0825.2204.37769)
CCC Help Danish (x32 Version: 2011.1205.2214.39827)
CCC Help Dutch (x32 Version: 2010.0825.2204.37769)
CCC Help Dutch (x32 Version: 2011.1205.2214.39827)
CCC Help English (x32 Version: 2010.0825.2204.37769)
CCC Help English (x32 Version: 2011.1205.2214.39827)
CCC Help Finnish (x32 Version: 2010.0825.2204.37769)
CCC Help Finnish (x32 Version: 2011.1205.2214.39827)
CCC Help French (x32 Version: 2010.0825.2204.37769)
CCC Help French (x32 Version: 2011.1205.2214.39827)
CCC Help German (x32 Version: 2010.0825.2204.37769)
CCC Help German (x32 Version: 2011.1205.2214.39827)
CCC Help Greek (x32 Version: 2010.0825.2204.37769)
CCC Help Greek (x32 Version: 2011.1205.2214.39827)
CCC Help Hungarian (x32 Version: 2010.0825.2204.37769)
CCC Help Hungarian (x32 Version: 2011.1205.2214.39827)
CCC Help Italian (x32 Version: 2010.0825.2204.37769)
CCC Help Italian (x32 Version: 2011.1205.2214.39827)
CCC Help Japanese (x32 Version: 2010.0825.2204.37769)
CCC Help Japanese (x32 Version: 2011.1205.2214.39827)
CCC Help Korean (x32 Version: 2010.0825.2204.37769)
CCC Help Korean (x32 Version: 2011.1205.2214.39827)
CCC Help Norwegian (x32 Version: 2010.0825.2204.37769)
CCC Help Norwegian (x32 Version: 2011.1205.2214.39827)
CCC Help Polish (x32 Version: 2010.0825.2204.37769)
CCC Help Polish (x32 Version: 2011.1205.2214.39827)
CCC Help Portuguese (x32 Version: 2010.0825.2204.37769)
CCC Help Portuguese (x32 Version: 2011.1205.2214.39827)
CCC Help Russian (x32 Version: 2010.0825.2204.37769)
CCC Help Russian (x32 Version: 2011.1205.2214.39827)
CCC Help Spanish (x32 Version: 2010.0825.2204.37769)
CCC Help Spanish (x32 Version: 2011.1205.2214.39827)
CCC Help Swedish (x32 Version: 2010.0825.2204.37769)
CCC Help Swedish (x32 Version: 2011.1205.2214.39827)
CCC Help Thai (x32 Version: 2010.0825.2204.37769)
CCC Help Thai (x32 Version: 2011.1205.2214.39827)
CCC Help Turkish (x32 Version: 2010.0825.2204.37769)
CCC Help Turkish (x32 Version: 2011.1205.2214.39827)
ccc-core-static (x32 Version: 2010.0825.2205.37769)
ccc-utility64 (Version: 2010.0825.2205.37769)
ccc-utility64 (Version: 2011.1205.2215.39827)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
жÔØÌì½¾II (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX-Setup (x32 Version: 2.6.1.5)
Dropbox (HKCU Version: 2.0.22)
EA Download Manager (x32 Version: 6.0.4.124)
EA Download Manager UI (x32 Version: 6.0.4)
EA Download Manager UI (x32 Version: 6.0.4.124)
Free M4a to MP3 Converter 7.0 (x32)
Free YouTube Download version 3.1.42.1212 (x32 Version: 3.1.42.1212)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Google Chrome (HKCU Version: 27.0.1453.116)
Harry Potter und die Heiligtümer des Todes™ - Teil 1 (x32 Version: 1.0.0.0)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2202)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.00.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lineage II (HKCU)
LineageII DE (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MyFreeCodec (HKCU)
NC Launcher (GameForge) (x32)
NCsoft Launcher (x32 Version: 1.5.19002)
Nexon Game Manager (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
PS3 Media Server (x32 Version: 1.72.0)
PX Profile Update (x32 Version: 1.00.1.)
Samsung Kies (x32 Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
TeamSpeak 3 Client (Version: 3.0.6)
TeamSpeak 3 Client (x32 Version: 3.0.10)
TERA (x32 Version: 19.04.02.03.hf3)
Uninstall World of Qin 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (x32 Version: 2.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
World of Qin 2 Version 2100 (x32 Version: 2100)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (x32 Version: 1.00.0000)

==================== Restore Points  =========================

08-07-2013 15:34:06 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-11 21:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1313D81F-9452-4514-8434-48807B884A73} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {32596267-4E7E-4249-94C5-8A116D788ACF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {41AE3AA7-C755-40D3-BC51-77603BC9EA30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {4618AB8E-AF0D-4695-8D96-579E6B97933D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {487770F2-26DA-491F-BBF6-E26716BA093C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1894934171-1551603685-868937202-1000
Task: {707DD0F8-A7C3-4CFC-852E-5400FD211B0F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9DE07357-8231-4739-8C74-24D6125D0FFF} - System32\Tasks\Video Performer => C:\Users\Marco\AppData\Local\Temp\Video Performer63413.exe No File
Task: {B1E804F1-9CDF-4A47-9272-CD8720111FD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BFEE31D2-05BE-46A1-A360-9D68869C9A34} - System32\Tasks\Google Updater and Installer => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.)
Task: {D16101E1-2ABA-4794-BD28-1CAACDDA1873} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {EB86666A-38FD-437B-801F-E826A3083CCA} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job => C:\Users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-24 21:02:40.131
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-24 21:02:40.042
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-11 21:16:36.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-11 21:16:36.301
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3828.48 MB
Available physical RAM: 2478.75 MB
Total Pagefile: 7655.15 MB
Available Pagefile: 6200.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:2.01 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:356.01 GB) (Free:170.38 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 682B5DD9)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=356 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 08.07.2013 19:03
Servus,



ok, gut gemacht. So gehts weiter:




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
HKCU\...\Run: [PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 [x] <===== ATTENTION
C:\Users\Marco\AppData\Local\Temp\*.tmp
C:\Users\Marco\AppData\Local\Temp\*.exe
C:\Users\Marco\AppData\Local\Temp\*.dll
Task: {9DE07357-8231-4739-8C74-24D6125D0FFF} - System32\Tasks\Video Performer => C:\Users\Marco\AppData\Local\Temp\Video Performer63413.exe No File
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Öffne Google Chrome.
  • Klicke rechts oben auf Google Chrome anpassen.
  • Wähle Einstellungen.
    -------------------------------------------------------------
  • Unter Erscheinungsbild > Haken setzen bei "Schaltfläche Startseite anzeigen"
  • Unter "Neuer Tab"-Seite klicke auf Ändern
  • Unter Diese Seite öffnen gib deine gewünschte Seite ein, z. B. www.google.de
  • Bestätige mit Ok.
    -------------------------------------------------------------
  • Unter Beim Start > Wähle "Bestimmte Seite oder Seiten öffnen" aus und klicke auf Seiten festlegen.
  • Gib die gewünschte Startseite ein und bestätige mit Ok.
    -------------------------------------------------------------
  • Unter Suche klicke auf Suchmachinen verwalten.
  • Bewege den Mauszeiger auf Google.de und klicke auf den blau hinterlegten Button Als Standard festlegen.
  • Bewege nun den Mauszeiger auf Delta Search und klicke rechts auf das Symbol X.
  • Bestätige mit Fertig.
    -------------------------------------------------------------
  • Klicke links oben auf Erweiterungen und setze nun ein Häkchen vor Entwicklermodus.
  • Kopiere dir die Namen aller Erweiterungen, inklusive der jeweiligen ID, wie z. B.
    avast! WebRep 8.0.1483 -> ID: icmlaeflemplmjndnaapfdbbnpncnbda
    und poste mir die Namen und IDs mit deiner nächsten Antwort.
  • Schließe Google Chrome.





Schritt 3
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :filefind
    *BrowserDefender*
    *Babylon*
    *Tarma Installer*
    *WebCake*
    *TornTV*
    *bprotector*
    *Crossrider*
    *Plus-HD*
    *Performer*

    :folderfind
    *BrowserDefender*
    *Babylon*
    *Tarma Installer*
    *WebCake*
    *TornTV*
    *bprotector*
    *Crossrider*
    *Plus-HD*
    *Performer*

    :regfind
    BrowserDefender
    Babylon
    Tarma Installer
    WebCake
    TornTV
    bprotector
    Crossrider
    Plus-HD
    Performer
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Schritt 4
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Rückmeldung von Google Chrome,
  • die Logdatei von SystemLook,
  • die Logdatei von OTL.

Teronius 08.07.2013 21:57
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-07-2013
Ran by Marco at 2013-07-08 22:26:06 Run:2
Running from C:\Users\Marco\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 [x => Value not found.
C:\Users\Marco\AppData\Local\Temp\*.tmp => Moved successfully.
C:\Users\Marco\AppData\Local\Temp\*.exe => Moved successfully.
"C:\Users\Marco\AppData\Local\Temp\*.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DE07357-8231-4739-8C74-24D6125D0FFF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DE07357-8231-4739-8C74-24D6125D0FFF} => Key deleted successfully.
C:\Windows\System32\Tasks\Video Performer => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Performer => Key deleted successfully.

==== End of Fixlog ====
Chrome Erweiterungen:

DVDVideoSoft Browser Extension 1.0.1.1
ID: nikpibnbobmbdbheedjfogjlikpgpnhp

Mehr Leistung und Videoformate für dein HTML5 2.1.2.145
ID: nneajnkjbffgblleaoojgaacokifdkhm

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:38 on 08/07/2013 by Marco
Administrator - Elevation successful

========== filefind ==========

Searching for "*BrowserDefender*"
No files found.

Searching for "*Babylon*"
C:\Users\Marco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQDN5LOI\459_Babylon_of[1].jpg        --a---- 10352 bytes        [14:47 08/07/2013]        [14:47 08/07/2013] 9A668CE8251854E80F2B23CFA54EC4D7
C:\Users\Marco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V81LU7QZ\babylon[1].css        --a---- 3055 bytes        [14:43 08/07/2013]        [14:43 08/07/2013] E297E191420B5519B04F74BD72EE36AC

Searching for "*Tarma Installer*"
No files found.

Searching for "*WebCake*"
No files found.

Searching for "*TornTV*"
No files found.

Searching for "*bprotector*"
No files found.

Searching for "*Crossrider*"
No files found.

Searching for "*Plus-HD*"
C:\Users\Marco\AppData\Local\Temp\Plus-HD-2.2Uninstaller_1373304399.log        --a---- 16758 bytes        [17:26 08/07/2013]        [17:27 08/07/2013] BFA13A5887268ADD371876BF23C764A5
C:\Windows\Prefetch\PLUS-HD-2.2-CODEDOWNLOADER.EX-77785A59.pf        --a---- 48402 bytes        [00:36 25/06/2013]        [14:43 08/07/2013] E84EFB5635CE666832B236254C4CF9BD
C:\Windows\Prefetch\PLUS-HD-2.2-ENABLER.EXE-1AF44611.pf        --a---- 17596 bytes        [17:26 08/07/2013]        [17:26 08/07/2013] 7931536183676F1C65C2B3A4BD488AA3

Searching for "*Performer*"
C:\FRST\Quarantine\Video Performer        --a---- 3348 bytes        [08:54 10/03/2012]        [08:54 10/03/2012] F1164BF7F770D985692B522FCA6251DB
C:\Users\Marco\AppData\Roaming\uTorrent\PCPerformer-BitTorrent-b.torrent        ------- 1555 bytes        [21:04 19/06/2013]        [21:04 19/06/2013] 0C124ED327856AACADF28719C66EAC34
C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b\PCPerformerSetup_BT.exe        --a---- 622336 bytes        [21:04 19/06/2013]        [21:04 19/06/2013] 02D9E857ABE06213CEC22D7A20783DB7

========== folderfind ==========

Searching for "*BrowserDefender*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Tarma Installer*"
No folders found.

Searching for "*WebCake*"
No folders found.

Searching for "*TornTV*"
No folders found.

Searching for "*bprotector*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*Plus-HD*"
No folders found.

Searching for "*Performer*"
C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b        d------        [21:04 19/06/2013]

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Tarma Installer"
No data found.

Searching for "WebCake"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService]

Searching for "TornTV"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\torntv.com\torntv downloader.exe"="Torntv Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje]
"path"="C:\Program Files (x86)\TornTV.com\torn2_10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{E07CF73B-F6F1-414C-8CB2-E5C95F54B8E4}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{15ED0208-CFB3-49DA-A397-E61B5E1D3FB2}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{E07CF73B-F6F1-414C-8CB2-E5C95F54B8E4}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{15ED0208-CFB3-49DA-A397-E61B5E1D3FB2}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{E07CF73B-F6F1-414C-8CB2-E5C95F54B8E4}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{15ED0208-CFB3-49DA-A397-E61B5E1D3FB2}C:\program files (x86)\torntv.com\torntv downloader.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\torntv.com\torntv downloader.exe|Name=Torntv Downloader|Desc=Torntv Downloader|Defer=User|"
[HKEY_USERS\S-1-5-21-1894934171-1551603685-868937202-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\torntv.com\torntv downloader.exe"="Torntv Downloader"
[HKEY_USERS\S-1-5-21-1894934171-1551603685-868937202-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\torntv.com\torntv downloader.exe"="Torntv Downloader"

Searching for "bprotector"
No data found.

Searching for "Crossrider"
No data found.

Searching for "Plus-HD"
No data found.

Searching for "Performer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Performer43885.exe"=""C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2"
[HKEY_USERS\S-1-5-21-1894934171-1551603685-868937202-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Performer43885.exe"=""C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2"

-= EOF =-
Code:
OTL logfile created on: 08.07.2013 22:45:01 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marco\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 52,65% Memory free
7,48 Gb Paging File | 5,56 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 6,27 Gb Free Space | 6,42% Space Free | Partition Type: NTFS
Drive D: | 356,01 Gb Total Space | 166,06 Gb Free Space | 46,65% Space Free | Partition Type: NTFS
 
Computer Name: MARCITO | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Marco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\4game\4game-service.exe (Innova Co S.a r.l.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Marco\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Marco\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (4game-service) -- C:\Program Files (x86)\4game\4game-service.exe (Innova Co S.a r.l.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 69 6D BA 0B ED CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=860
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@4game.com/plugin: C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.17 02:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.16 03:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.07.06 11:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions
[2013.06.19 20:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]phd10\extensions
[2013.07.08 19:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions
[2013.07.06 13:44:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\lnnh5lt1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.06 13:44:38 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\firefox\profiles\lnnh5lt1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.19 20:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.06 11:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.06 11:04:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.06.11 21:20:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CNAP2 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP2LAK.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE File not found
O4 - HKCU..\Run: [PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 File not found
O4 - Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 4game.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D7A493D-A685-4F47-B6CC-31249886D4F2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53CA3E99-806F-4A13-8C18-5E7C03514239}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.08 22:24:57 | 001,934,554 | ---- | C] (Farbar) -- C:\Users\Marco\Desktop\FRST64.exe
[2013.07.08 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\{CD08E544-4287-4CE9-8666-4EE43E7431D9}
[2013.07.08 19:37:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.08 19:37:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.08 19:37:09 | 000,547,139 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Marco\Desktop\JRT.exe
[2013.07.06 13:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.07.06 13:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013.07.06 13:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013.07.06 13:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013.07.06 11:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.06 11:31:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.06 11:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.06 11:22:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.07.06 11:13:37 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
[2013.07.06 11:12:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2013.07.06 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\Mozilla
[2013.07.06 11:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.07.06 11:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.27 15:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AION Free-to-Play PTS Client
[2013.06.24 21:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.24 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.24 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.24 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.24 21:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.24 21:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.06.24 21:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.06.24 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.24 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.06.20 23:12:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.06.20 23:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.20 23:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.19 20:36:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.19 20:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.19 20:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.19 20:35:11 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Mozilla
[2013.06.11 21:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.11 21:20:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.11 21:07:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 21:07:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 21:07:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 21:06:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 21:06:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 20:58:47 | 000,000,000 | ---D | C] -- C:\found.001
[2013.06.11 20:11:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.11 02:59:45 | 004,702,568 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013.06.11 02:59:23 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2013.06.11 02:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2013.06.11 00:44:20 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2013.06.11 00:39:59 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\assembly
[2013.06.11 00:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2013.06.11 00:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2013.06.10 22:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4game
[2013.06.10 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4game
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.08 22:35:52 | 000,165,376 | ---- | M] () -- C:\Users\Marco\Desktop\SystemLook_x64.exe
[2013.07.08 22:24:59 | 001,934,554 | ---- | M] (Farbar) -- C:\Users\Marco\Desktop\FRST64.exe
[2013.07.08 22:08:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000UA.job
[2013.07.08 19:57:44 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 19:57:44 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 19:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.08 19:50:13 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.08 19:36:37 | 000,547,139 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Marco\Desktop\JRT.exe
[2013.07.08 19:29:20 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.08 19:28:00 | 000,650,027 | ---- | M] () -- C:\Users\Marco\Desktop\adwcleaner.exe
[2013.07.06 13:42:59 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.07.06 13:08:42 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894934171-1551603685-868937202-1000Core.job
[2013.07.06 11:31:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.06 11:19:04 | 003,758,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.06 11:19:04 | 001,550,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.06 11:19:04 | 001,122,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.06 11:19:04 | 001,000,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.06 11:19:04 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.06 11:14:03 | 000,890,988 | ---- | M] () -- C:\Users\Marco\Desktop\SecurityCheck.exe
[2013.07.06 11:13:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
[2013.07.06 11:12:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2013.07.06 11:04:50 | 000,001,159 | ---- | M] () -- C:\Users\Marco\Desktop\Mozilla Firefox.lnk
[2013.06.29 17:19:15 | 000,086,897 | ---- | M] () -- C:\Users\Marco\Desktop\431087_4801023465413_1843190948_n.jpg
[2013.06.29 17:12:17 | 000,070,857 | ---- | M] () -- C:\Users\Marco\Desktop\208059_3714613865852_1429201059_n.jpg
[2013.06.27 15:01:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
[2013.06.24 21:14:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.20 23:12:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.20 11:16:51 | 000,001,121 | ---- | M] () -- C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
[2013.06.11 21:20:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.11 02:27:55 | 000,002,094 | ---- | M] () -- C:\Users\Marco\Desktop\Lineage II.lnk
[2013.06.11 00:39:40 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.08 22:36:33 | 000,165,376 | ---- | C] () -- C:\Users\Marco\Desktop\SystemLook_x64.exe
[2013.07.08 19:29:05 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.08 19:28:28 | 000,650,027 | ---- | C] () -- C:\Users\Marco\Desktop\adwcleaner.exe
[2013.07.06 13:42:59 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.07.06 11:31:26 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.06 11:16:14 | 000,001,159 | ---- | C] () -- C:\Users\Marco\Desktop\Mozilla Firefox.lnk
[2013.07.06 11:14:02 | 000,890,988 | ---- | C] () -- C:\Users\Marco\Desktop\SecurityCheck.exe
[2013.07.06 11:04:50 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.29 17:19:15 | 000,086,897 | ---- | C] () -- C:\Users\Marco\Desktop\431087_4801023465413_1843190948_n.jpg
[2013.06.29 17:12:16 | 000,070,857 | ---- | C] () -- C:\Users\Marco\Desktop\208059_3714613865852_1429201059_n.jpg
[2013.06.27 15:01:25 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-to-Play PTS Client.lnk
[2013.06.24 21:14:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.24 21:06:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.06.20 23:12:33 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.20 11:16:51 | 000,001,121 | ---- | C] () -- C:\Users\Marco\Desktop\NCLauncher - Verknüpfung.lnk
[2013.06.11 21:07:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 21:07:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 21:07:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 21:07:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 21:07:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 02:59:22 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013.06.11 02:27:55 | 000,002,094 | ---- | C] () -- C:\Users\Marco\Desktop\Lineage II.lnk
[2013.06.11 00:39:40 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2013.02.15 13:36:36 | 000,086,857 | ---- | C] () -- C:\Users\Marco\425745_549096938453821_492524886_n.jpg
[2013.01.30 02:11:37 | 000,034,890 | ---- | C] () -- C:\Users\Marco\66407_501073603264182_714443056_n.jpg
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.15 20:55:00 | 000,000,110 | ---- | C] () -- C:\Windows\clientshell.INI
[2012.02.17 17:06:39 | 001,639,104 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\UserTile.png
[2012.02.17 04:03:49 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.02.17 03:39:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.17 02:42:18 | 000,001,571 | ---- | C] () -- C:\Users\Marco\DivX Movies.lnk
[2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.29 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Audacity
[2013.04.11 16:26:45 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AVG
[2012.09.28 18:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AVG2013
[2012.03.23 20:42:05 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DAEMON Tools Lite
[2013.07.08 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Dropbox
[2012.12.21 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoft
[2012.08.02 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org
[2012.11.30 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Samsung
[2013.07.04 20:40:14 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Spotify
[2012.11.26 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TeamViewer
[2013.04.24 22:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TERA
[2013.05.24 01:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TS3Client
[2012.08.28 16:21:07 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TuneUp Software
[2013.06.20 10:47:30 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\uTorrent
[2012.04.03 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Windows Live Writer
[2012.03.10 10:45:14 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

M-K-D-B 09.07.2013 14:39
Servus,






Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O4 - HKCU..\Run: [PC Performer43885.exe] "C:\Users\Marco\AppData\Local\Temp\PC Performer43885.exe" /XML="C:\Users\Marco\AppData\Local\Temp\5070.tmp" /ROS /STP=0:2 File not found
[2013.07.08 19:29:20 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

:files
C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b\PCPerformerSetup_BT.exe

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASMANCS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{E07CF73B-F6F1-414C-8CB2-E5C95F54B8E4}C:\program files (x86)\torntv.com\torntv downloader.exe"=-
"UDP Query User{15ED0208-CFB3-49DA-A397-E61B5E1D3FB2}C:\program files (x86)\torntv.com\torntv downloader.exe"=-

:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Teronius 10.07.2013 18:53
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Performer43885.exe deleted successfully.
C:\Windows\DeleteOnReboot.bat moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\Users\Marco\Downloads\PCPerformer-BitTorrent-b\PCPerformerSetup_BT.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Torntv Downloader_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E07CF73B-F6F1-414C-8CB2-E5C95F54B8E4}C:\program files (x86)\torntv.com\torntv downloader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15ED0208-CFB3-49DA-A397-E61B5E1D3FB2}C:\program files (x86)\torntv.com\torntv downloader.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marco
->Temp folder emptied: 784562 bytes
->Temporary Internet Files folder emptied: 15477804 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78733890 bytes
->Google Chrome cache emptied: 6516487 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58536416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2233610 bytes
 
Total Files Cleaned = 155,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07102013_083441

Files\Folders moved on Reboot...
C:\Users\Marco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marco\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\zptr\logs\service\4game-service.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Marco :: MARCITO [Administrator]

Schutz: Aktiviert

10.07.2013 08:39:14
mbam-log-2013-07-10 (08-39-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213891
Laufzeit: 5 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c15a7aac34b94340b995d953178e1420
# engine=14334
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-10 08:48:25
# local_time=2013-07-10 10:48:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 94 62173 60580089 0 0
# compatibility_mode=5893 16776574 100 94 20893058 125075955 0 0
# scanned=234324
# found=2
# cleaned=0
# scan_time=7100
sh=BB43432A7EDB62002A68BF11FA7B4E3917774CD9 ft=1 fh=79b26677d08d08c3 vn="Win32/LockScreen.AVP trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=7C9A7F9FC3BFB7E5D34EFB95E53AC8BC6229B0E5 ft=1 fh=9edfae49678ae37d vn="probably a variant of Win32/Spy.Banker.ZBC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Marco\AppData\Roaming\BAcroIEHelpe244.dll.vir"
Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 31 
 Java version out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (22.0)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
AVG 2013 zeigt er wahrscheinlich an, weil ich den noch auf aus hatte.

M-K-D-B 11.07.2013 18:30
Servus,



die Funde von ESET befinden sich in der Quarantäne und können keinen Schaden mehr anrichten. :)



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier:
    Java Download (32 bit)
    Java Download (64 bit)
  • Speichere die Datei auf deinem Desktop.
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die Datei. Diese wird die neueste Java Version ( Java 7 Update 25 ) installieren.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
schneller Plugin-Test: PluginCheck





Schritt 2
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 3
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 4
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.


Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC


Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Teronius 12.07.2013 12:08
Klappt alles super und hab alles gemacht, wie dus gesagt hast :)

Vielen Dank :)
Wenn ich nächsten Monat wieder zu Geld komme spende ich gerne etwas.

M-K-D-B 12.07.2013 17:09
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:36 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131