Facebook Link

Hawkey3281 · 20.08.2012, 20:31

Hey ein Kumpel hat mir bei Facebook einen Link(hotfile) geschickt und ich bin da dummer weisse raufgegangen chrome hat das gedownloadet aber ich habe nicht auf ausführen gedrückt.Habe die Datei dann über Chrome gelöscht und mit Kapersky ein System Check gemacht der nix gefunden hat habe ich jetzt das Teil drauf ??

mfg hawkey

t'john · 20.08.2012, 20:50

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

Hawkey3281 · 20.08.2012, 22:56

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.08.2012 23:41:25 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\*\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 50,21% Memory free
7,73 Gb Paging File | 5,50 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 188,09 Gb Free Space | 66,00% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: *| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8AB521-4887-4D0C-8CDD-796CD6DF82FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{14D3082E-D447-4A9F-978F-075F56919959}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1DB3C0BB-B197-42C8-ACFB-81000F6D3A1B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{22BB083E-862D-4B86-BCC2-65DDC3F6D247}" = rport=445 | protocol=6 | dir=out | app=system | 
"{331CC07E-E44A-4CCB-B7D4-C5709AE9FE88}" = rport=139 | protocol=6 | dir=out | app=system | 
"{35276FE7-6F31-463F-81A8-77D181A1B11D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38D17F35-E933-48D9-969B-99154972E747}" = lport=138 | protocol=17 | dir=in | app=system | 
"{505A563C-F105-43C3-BDE6-E55BAE1152EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54E38878-9AE2-4313-8D86-BBEA6732C551}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68C76C31-174C-4305-BD71-1F69716164A3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{708FCB97-EE50-4E13-82F3-31D02A531F32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7483931A-E1EE-4D02-B2FE-B6D0C418F714}" = rport=137 | protocol=17 | dir=out | app=system | 
"{78976262-298B-4222-BA05-D716B918BCF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{815A038C-B9A3-4B68-A76B-2FD4C793FA33}" = lport=137 | protocol=17 | dir=in | app=system | 
"{999D0C5C-AB32-43E1-B9DB-9BED8DB089AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EFA4D01-AEBB-4FFC-8512-A5DFEA5C91BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F132B1F-B3EB-41FA-8FE2-C1B4923F67DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A36FBCBA-5CDB-4F9E-9FDE-64DC0D978262}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A817D5BA-2DA9-4673-A7AC-D3621E88EDAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B52F6A7E-6381-40E5-9F18-4EFFDA88D3F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C441C26F-7501-477F-A1C8-5FFE2C97D411}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C90C4FD4-5838-435C-ADF1-7C1E4D495C92}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF01BDD8-D067-4CBB-A8E4-DACC840AA7F6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D03E0149-787F-4BC0-91FD-60C1EE2C1E34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EDCACED9-719F-459F-BC29-BCA083543782}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000DD1F4-4CC0-4992-9484-B5424BCBE62B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0FDE86D0-E78F-480F-BB2E-7339DF4BA6F8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{1138EBE9-E75F-4454-88B8-85C8487770E6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{1453C6B8-FE01-4148-A0ED-33FB33B4FBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1C5465E6-6619-4417-A414-EAA94541BBA5}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{25C00082-5FE3-4D0D-BD77-44BC4FAD7445}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{28B0A834-F570-4C81-A781-A5C0CFC007AB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{2FBF2182-C071-4DF3-8FC6-571B585EEE1F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{35F0266F-33F7-4BB1-89B7-E0D1D01E006A}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{3F892F85-6A67-4D39-83B5-87E4EB9FC531}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{48B72B8D-4F47-46E1-ABDC-2472609164AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EBFA732-36CF-48F5-95EB-14D48C7BF590}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54B12849-40A6-4117-AFB4-A741C6E6D3DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{593FEF3D-FEB1-41C0-9280-2BDA7E12251E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5F2BE119-0F7E-49CB-A67E-3EF033115F1E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{62173CF9-254D-4C19-9D03-20010663C4F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{65E34746-F93E-4DEE-AEE7-2EEF30A6648D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{680E4AA2-5ABC-4EFB-8219-9E2874BA0235}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{6BD6947B-9E95-4A0D-A69D-54E33C3ACBB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{71F67D13-E4CA-4957-BF7B-8B7040F9AA2D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{744D8040-214E-4E35-B7D6-1AF603CB3A1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7AE6F3D9-5B33-4410-B412-3CFF738F715B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7DBB2F2A-518A-4D2A-9D08-996D9CF57E9C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7F0B7B17-6987-485D-A5B9-1F0BC9705ACC}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\local\temp\update_cccf.exe | 
"{88378A03-0175-4CCB-ACB4-82317BA800AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8A01E754-6B7B-4834-BD80-4601E9047C94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8AF8C6E9-7627-40F4-B490-3C76BDA87206}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A72121B-B17D-418A-BF36-DE61ABB4C517}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D6623BF-57A2-483B-ACD7-60AE211696E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A306DF60-A17E-488F-8F88-F6EB15D17DC1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ABB8F486-C70A-4449-A7A1-A3D3E5CA0B7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADF7F155-2DF2-4C5A-A162-83F2F7665384}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\local\temp\update_cccf.exe | 
"{B0DD2EAD-C10F-4EBF-9268-D4BF729DA22E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BA60A708-7250-490D-A72D-BE0EBE5D4E58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C110EAC9-8456-4A11-8DC8-E65CE43EC3F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{C8A3810C-E4EF-4087-AD73-F3D4753C5504}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{D39855A1-ED83-41A1-80E2-0CC86DB5D3A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4DF7D7B-59E1-4A68-9208-096AF98054D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5B0A94C-2BF7-4616-B872-71FC7CBCE94E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D632844C-4C96-431D-8566-80BA6AE22A27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEA08C0A-F9F0-4297-892F-3B9EEAFAD8E0}" = protocol=6 | dir=out | app=system | 
"{E838EBE8-3A63-4E04-A9C3-D21CD6D1EC6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F7FDAFF1-7F7C-42CB-A691-6940C902E6F5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{11FB7CFC-D499-437C-9C9E-79B094C7B462}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{1D5E4793-6E0B-405A-BA71-6698A6F6C6A9}C:\program files (x86)\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe | 
"TCP Query User{24B34EF2-229B-4565-9DB1-63E0DCECA22A}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | 
"TCP Query User{2813381A-27AA-4AFB-BB79-3E11DACBF58C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{507FC5F3-A612-49A4-8456-C53D4AD9E8C7}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{52F67B8F-875A-49D5-9F34-A2D3A56BF6C4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E046E90E-EEBF-4540-BF39-B78D5B3F8F74}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{03258AD2-3BA7-48D7-A894-2A436276AD67}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{13135A24-D24B-4C14-B1A3-8D44237A7C47}C:\program files (x86)\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe | 
"UDP Query User{30541493-E5F5-4CB0-9C2A-1DF1A1B1D175}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{3BB32931-C489-4B12-AEBA-E47F546ED28C}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{49BF595C-8C2C-4A16-87D4-22CC7035FA10}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | 
"UDP Query User{5F551D8C-7876-44CF-9599-8BFD02D949E3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{CD7D0F12-26E0-4A41-A37D-6E0FA388F5AF}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA64B79-30A1-F52E-D801-B07CF05FFFAF}" = ccc-utility64
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}" = ATI Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{016095EE-5BB3-791C-A558-06412FF78691}" = CCC Help Russian
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{10F4A085-EA81-594B-C0B8-ADF013D26B8E}" = CCC Help Turkish
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1942E836-414C-4414-672B-93FCC8CC18AB}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{284AE43C-30E4-B57E-A234-05496D05AB68}" = Catalyst Control Center Graphics Previews Vista
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32354BAB-8BAE-7189-6E3F-922D47292D3D}" = CCC Help Czech
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5735A865-CD31-5788-DA38-AAB06EAED9F4}" = CCC Help Hungarian
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5901E428-EC91-71EE-BA56-9417E40BE182}" = ccc-core-static
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60AA5155-39C7-14AA-FB4B-489B1C8DE9A1}" = CCC Help Chinese Traditional
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72449E65-4852-2FD9-F603-D77E39DD3CF6}" = CCC Help Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7703542C-3842-C5EE-2452-B006F441A162}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F529418-344D-3792-F7B6-04EB805F5931}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115462930}" = Way To Go! Bowling
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91F29ED6-6C82-F83D-BF8D-3E67D18E7249}" = Catalyst Control Center Localization All
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{990EEE1A-4D64-16AF-A944-AD97AE080D26}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A98031B-0A1A-AFDC-87F4-AAFDC1E97B7D}" = CCC Help Portuguese
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}" = EasyRecovery Professional Trial
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AEAA9D8A-A347-0FC4-5CAF-D9F2236FCF49}" = CCC Help French
"{AEB43F42-8F9D-DBD8-0B11-941CC27C174A}" = CCC Help Norwegian
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2EE73BE-CD73-6EC9-A5A0-0E080A60A00E}" = CCC Help Chinese Standard
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFCF4223-BC7B-110C-4E19-5FF025721C4B}" = CCC Help Spanish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E17D581A-6949-6A53-7A18-E80C6BDCC800}" = CCC Help Italian
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E96D1A04-B0B4-0788-D70F-0A9BB9C503BD}" = CCC Help Korean
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB5E21BC-AC56-A45D-5593-A1C55A380677}" = CCC Help Swedish
"{ECEDC447-3EED-6F90-CB39-0A49BD2D63DE}" = CCC Help Thai
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF45FBBD-3CE8-698B-AC44-C693468F53D3}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F73D3B6A-4E5F-E93D-C7C3-65DE80BEE0E7}" = CCC Help Dutch
"{F9D7691A-E3CD-EF15-DE38-EDF0BB1E345F}" = CCC Help Japanese
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Call of Duty" = Call of Duty
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-Shutdown" = Easy-Shutdown 1.3 
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.815
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HyperCam 3" = HyperCam 3
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PokerStars" = PokerStars
"SCAR Divi_is1" = SCAR Divi CDE 3.33.00
"Skispringen 2007_0001" = Skispringen 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"Wajam" = Wajam
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1549261913-4132294393-3359713590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2011 10:11:51 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 26.11.2011 10:12:53 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.11.2011 10:13:39 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.11.2011 14:53:43 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 27.11.2011 14:54:42 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.11.2011 14:55:28 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.11.2011 16:40:30 | Computer Name = Fabio-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.119, Zeitstempel:
 0x4e803bca  Name des fehlerhaften Moduls: Skype.exe, Version: 5.5.0.119, Zeitstempel:
 0x4e803bca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00664393  ID des fehlerhaften Prozesses:
 0x1554  Startzeit der fehlerhaften Anwendung: 0x01ccad36ffefae47  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Skype\Phone\Skype.exe  Berichtskennung: 0b2a3094-1938-11e1-8410-1c75080712ec
 
Error - 28.11.2011 13:38:11 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 28.11.2011 13:39:07 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 28.11.2011 13:39:48 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 18.08.2012 06:55:15 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 18.08.2012 06:55:16 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1053
 
Error - 18.08.2012 06:55:41 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 19.08.2012 06:13:13 | Computer Name = Fabio-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?08.?2012 um 01:39:22 unerwartet heruntergefahren.
 
Error - 19.08.2012 06:14:00 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 20.08.2012 13:17:42 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 20.08.2012 16:11:40 | Computer Name = Fabio-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?08.?2012 um 21:43:49 unerwartet heruntergefahren.
 
Error - 20.08.2012 16:12:17 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 20.08.2012 17:37:09 | Computer Name =*-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?08.?2012 um 23:35:33 unerwartet heruntergefahren.
 
Error - 20.08.2012 17:37:46 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.08.2012 23:41:25 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Fabio\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 50,21% Memory free
7,73 Gb Paging File | 5,50 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 188,09 Gb Free Space | 66,00% Space Free | Partition Type: NTFS
 
Computer Name: FABIO-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Users\Fabio\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612102545l0444z1i5v4832232o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612102545l0444z1i5v4832232o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612102545l0444z1i5v4832232o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{30A37F9E-7BD3-452E-85DB-9F19DC6A6480}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612102545l0444z1i5v4832232o
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes\{30A37F9E-7BD3-452E-85DB-9F19DC6A6480}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE411DE411
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE411DE411
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=2cdade6c0000000000004c0f6e3d6ae1&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabio\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabio\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fabio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.05.04 16:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.04 16:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.04 16:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 23:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.18 01:15:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 23:00:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.18 01:15:47 | 000,000,000 | ---D | M]
 
[2011.03.02 17:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2011.05.13 15:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\bjf3gc8y.default\extensions
[2011.05.13 15:34:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\bjf3gc8y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.04 18:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\dhtwkwih.default\extensions
[2011.05.13 15:34:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\dhtwkwih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\dhtwkwih.default\searchplugins\startsear.xml
[2012.01.03 03:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.23 15:29:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2012.07.04 18:05:23 | 000,080,872 | ---- | M] () (No name found) -- C:\USERS\FABIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DHTWKWIH.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
[2012.07.21 23:00:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.03.11 14:13:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.11 14:13:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.11 14:13:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.11 14:13:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 14:13:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.11 14:13:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fabio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Wajam = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Google Mail = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1549261913-4132294393-3359713590-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F22BA9D-C987-435E-B976-DC63D99DB484}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{10390ed3-851c-11e0-8780-1c75080712ec}\Shell - "" = AutoRun
O33 - MountPoints2\{10390ed3-851c-11e0-8780-1c75080712ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{736e715d-b30c-11e0-be24-1c75080712ec}\Shell - "" = AutoRun
O33 - MountPoints2\{736e715d-b30c-11e0-be24-1c75080712ec}\Shell\AutoRun\command - "" = E:\jones3d.exe
O33 - MountPoints2\{736e715f-b30c-11e0-be24-1c75080712ec}\Shell - "" = AutoRun
O33 - MountPoints2\{736e715f-b30c-11e0-be24-1c75080712ec}\Shell\AutoRun\command - "" = F:\jones3d.exe
O33 - MountPoints2\{c7ae3c0c-b376-11e0-bfa9-1c75080712ec}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ae3c0c-b376-11e0-bfa9-1c75080712ec}\Shell\AutoRun\command - "" = E:\setup.exe.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 22:16:16 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Malwarebytes
[2012.08.20 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.20 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.20 22:15:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.20 22:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.20 21:16:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Fabio\Desktop\OTL.exe
[2012.08.16 22:05:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 22:05:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 22:05:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 22:05:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 22:05:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 22:05:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 22:05:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 22:05:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 22:05:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 22:05:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 22:05:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 22:05:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 22:05:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 15:18:13 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 15:18:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 15:18:09 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 15:18:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 15:18:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 15:18:07 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 15:18:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 15:18:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 19:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2012.08.14 19:21:41 | 000,000,000 | ---D | C] -- C:\fifa
[2012.08.12 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012.08.12 12:52:11 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Wajam
[2012.08.12 12:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012.08.04 21:03:42 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Desktop\Hochzeit
[2012.07.31 14:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.31 14:52:08 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Documents\FIFA 12
[2012.07.31 14:51:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.07.31 14:51:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.07.31 14:51:39 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.07.31 14:51:39 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.07.31 14:51:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.07.31 14:51:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.07.31 14:51:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.07.31 14:51:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.07.31 14:51:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.07.31 14:51:35 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.07.31 14:51:35 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.07.31 14:51:35 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.07.31 14:51:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.07.31 14:51:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.07.31 14:51:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.07.31 14:51:33 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.07.31 14:51:33 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.07.31 14:51:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.07.31 14:51:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.07.31 14:51:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.07.31 14:51:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.07.31 14:51:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.07.31 14:51:32 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.07.31 14:51:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.07.31 14:51:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.07.31 13:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.07.31 13:18:46 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Origin
[2012.07.31 13:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.31 13:17:50 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Origin
[2012.07.31 13:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.31 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.07.30 21:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.07.30 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.07.30 13:21:35 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2012.07.30 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\MotioninJoy
[2012.07.30 13:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012.07.30 13:21:34 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012.07.30 13:21:34 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2012.07.30 13:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012.07.27 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\fontconfig
[2012.07.27 21:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\gegl-0.2
[2012.07.27 21:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fabio\.gimp-2.8
[2012.07.27 21:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[106 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 23:45:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 23:45:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 23:38:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 23:37:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.20 23:37:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 23:37:04 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.20 22:59:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1549261913-4132294393-3359713590-1001UA.job
[2012.08.20 22:59:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.20 22:17:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.20 21:16:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabio\Desktop\OTL.exe
[2012.08.20 19:59:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1549261913-4132294393-3359713590-1001Core.job
[2012.08.19 00:34:56 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.19 00:34:56 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.19 00:33:53 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.19 00:33:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.19 00:29:49 | 000,000,017 | ---- | M] () -- C:\Users\Fabio\AppData\Local\resmon.resmoncfg
[2012.08.17 17:35:12 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 20:00:40 | 000,002,457 | ---- | M] () -- C:\Users\Fabio\Desktop\Google Chrome.lnk
[2012.08.15 19:38:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:38:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.05 12:58:17 | 530,366,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.04 20:50:29 | 001,643,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 20:50:29 | 000,708,018 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 20:50:29 | 000,661,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 20:50:29 | 000,153,320 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 20:50:29 | 000,125,528 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.31 21:55:25 | 000,001,352 | ---- | M] () -- C:\Users\Fabio\Documents\AutoHotkey.ahk
[2012.07.31 14:51:44 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012.07.31 13:17:50 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.31 13:17:50 | 000,000,071 | ---- | M] () -- C:\Windows\wininit.ini
[2012.07.30 13:28:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.07.30 13:28:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012.07.30 13:25:22 | 000,121,416 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012.07.30 13:21:35 | 000,000,927 | ---- | M] () -- C:\Users\Fabio\Desktop\DS3 Tool.lnk
[2012.07.30 13:13:05 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.27 21:10:55 | 000,000,866 | ---- | M] () -- C:\Users\Fabio\AppData\Local\recently-used.xbel
[2012.07.27 19:13:50 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\PUTTY.RND
[2012.07.23 15:57:02 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.07.23 15:57:02 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[106 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.20 22:16:00 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.19 00:33:52 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.19 00:33:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.19 00:29:49 | 000,000,017 | ---- | C] () -- C:\Users\Fabio\AppData\Local\resmon.resmoncfg
[2012.07.31 21:55:25 | 000,001,352 | ---- | C] () -- C:\Users\Fabio\Documents\AutoHotkey.ahk
[2012.07.31 14:51:44 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012.07.31 13:17:50 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.31 13:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.30 13:28:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.07.30 13:28:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012.07.30 13:21:35 | 000,000,927 | ---- | C] () -- C:\Users\Fabio\Desktop\DS3 Tool.lnk
[2012.07.30 13:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.07.27 21:10:55 | 000,000,866 | ---- | C] () -- C:\Users\Fabio\AppData\Local\recently-used.xbel
[2012.07.27 21:05:26 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.27 19:04:01 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\PUTTY.RND
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.24 12:47:57 | 000,017,408 | ---- | C] () -- C:\Users\Fabio\AppData\Local\WebpageIcons.db
[2011.11.08 19:34:58 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{04CEDC76-4158-4E1C-B422-44DB7272C4F6}
[2011.10.02 21:29:00 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{52F38917-17D5-4920-AD70-95ED8D12667A}
[2011.09.27 19:42:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.08.30 16:21:08 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{FE12A02C-56FD-425F-B2E2-12857553C57D}
[2011.08.27 09:46:02 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{F0B23EE2-F45F-4F31-A29E-CC7049980FB0}
[2011.08.18 16:40:05 | 000,031,232 | ---- | C] () -- C:\Users\Fabio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.18 14:25:41 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{E8AC3B24-5D1E-43F2-8549-8BE487C02DAB}
[2011.08.03 15:56:53 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{338B9B36-53EA-42D8-BEB8-E656FDAF797E}
[2011.07.22 15:50:35 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Local\{8F1B9EDA-0217-4FB5-919A-1D185D8C9B0A}
[2011.07.22 00:26:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.04.29 03:25:53 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2011.04.13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.13 17:10:56 | 001,621,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.08 22:50:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.26 18:12:54 | 000,688,128 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010.12.26 18:12:54 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2010.12.24 19:46:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.07 17:13:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.07 17:08:01 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.03.18 20:49:14 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\.minecraft
[2012.04.28 12:18:09 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Canon
[2011.12.14 02:37:07 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DAEMON Tools Lite
[2011.12.03 00:21:53 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DAEMON Tools Pro
[2011.08.18 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DVDVideoSoft
[2011.01.29 23:11:35 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.19 23:09:55 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\EurekaLog
[2011.08.06 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\go
[2012.03.23 23:51:58 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\gtk-2.0
[2011.12.31 01:59:58 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Liteon
[2012.07.30 13:21:35 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\MotioninJoy
[2011.05.07 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\OfficeRecovery
[2011.01.07 21:59:32 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\OpenOffice.org
[2011.03.02 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Opera
[2012.08.09 18:44:56 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Origin
[2010.12.26 03:30:17 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Pogo Games
[2012.04.28 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Samsung
[2012.05.14 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\SoftGrid Client
[2012.05.18 00:28:03 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Solveig Multimedia
[2012.04.29 00:03:07 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Temp
[2011.02.13 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TP
[2011.04.25 00:40:07 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TuneUp Software
[2011.12.14 03:09:31 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Ubisoft
[2012.08.05 12:59:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2D0C22DC

< End of report >

--- --- ---

.....................

t'john · 21.08.2012, 03:28

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hawkey3281 · 21.08.2012, 18:30

Log file malware

Zitat:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.20.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fabio :: + [Administrator]

Schutz: Aktiviert

20.08.2012 22:20:05
mbam-log-2012-08-20 (22-20-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384971
Laufzeit: 1 Stunde(n), 15 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fabio\AppData\Local\Temp\is-8DGSD.tmp\InstallManager.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

2012/08/20 22:17:30 +0200 FABIO-PC Fabio MESSAGE Starting protection
2012/08/20 22:17:33 +0200 FABIO-PC Fabio MESSAGE Protection started successfully
2012/08/20 22:17:36 +0200 FABIO-PC Fabio MESSAGE Starting IP protection
2012/08/20 22:17:38 +0200 FABIO-PC Fabio MESSAGE IP Protection started successfully
2012/08/20 22:17:47 +0200 FABIO-PC Fabio MESSAGE Starting database refresh
2012/08/20 22:17:47 +0200 FABIO-PC Fabio MESSAGE Stopping IP protection
2012/08/20 22:19:33 +0200 FABIO-PC Fabio MESSAGE Executing scheduled update: Daily
2012/08/20 22:19:34 +0200 FABIO-PC Fabio MESSAGE Database already up-to-date
2012/08/20 22:19:52 +0200 FABIO-PC Fabio MESSAGE IP Protection stopped
2012/08/20 22:19:54 +0200 FABIO-PC Fabio MESSAGE Database refreshed successfully
2012/08/20 22:19:54 +0200 FABIO-PC Fabio MESSAGE Starting IP protection
2012/08/20 22:19:56 +0200 FABIO-PC Fabio MESSAGE IP Protection started successfully
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 52990, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 52993, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 52992, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 52996, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 52997, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53000, Process: avp.exe)
2012/08/20 22:40:56 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53037, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53054, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53055, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53056, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53057, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53058, Process: avp.exe)
2012/08/20 22:41:04 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 53059, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54003, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54004, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54005, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54006, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54008, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54007, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54024, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54036, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54041, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54046, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54048, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54049, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54047, Process: avp.exe)
2012/08/20 22:47:47 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54050, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54417, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54420, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54421, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54422, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54423, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54424, Process: avp.exe)
2012/08/20 23:24:48 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 54432, Process: avp.exe)
2012/08/20 23:38:07 +0200 FABIO-PC Fabio MESSAGE Starting protection
2012/08/20 23:38:10 +0200 FABIO-PC Fabio MESSAGE Protection started successfully
2012/08/20 23:38:13 +0200 FABIO-PC Fabio MESSAGE Starting IP protection
2012/08/20 23:38:15 +0200 FABIO-PC Fabio MESSAGE IP Protection started successfully
2012/08/20 23:43:20 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49681, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49682, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49683, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49685, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49684, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49686, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49688, Process: avp.exe)
2012/08/20 23:43:21 +0200 FABIO-PC Fabio IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49698, Process: avp.exe)

Zitat:

2012/08/21 19:21:07 +0200 FABIO-PC Fabio MESSAGE Starting protection
2012/08/21 19:21:11 +0200 FABIO-PC Fabio MESSAGE Protection started successfully
2012/08/21 19:21:14 +0200 FABIO-PC Fabio MESSAGE Starting IP protection
2012/08/21 19:21:16 +0200 FABIO-PC Fabio MESSAGE IP Protection started successfully
2012/08/21 19:24:17 +0200 FABIO-PC Fabio MESSAGE Executing scheduled update: Daily
2012/08/21 19:24:28 +0200 FABIO-PC Fabio MESSAGE Scheduled update executed successfully: database updated from version v2012.08.20.09 to version v2012.08.21.10
2012/08/21 19:24:28 +0200 FABIO-PC Fabio MESSAGE Starting database refresh
2012/08/21 19:24:28 +0200 FABIO-PC Fabio MESSAGE Stopping IP protection
2012/08/21 19:26:51 +0200 FABIO-PC Fabio MESSAGE IP Protection stopped
2012/08/21 19:26:53 +0200 FABIO-PC Fabio MESSAGE Database refreshed successfully
2012/08/21 19:26:53 +0200 FABIO-PC Fabio MESSAGE Starting IP protection
2012/08/21 19:26:56 +0200 FABIO-PC Fabio MESSAGE IP Protection started successfully

adwcleaner

Zitat:

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 19:26:27
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User :+ - +-PC
# Boot Mode : Normal
# Running from : C:\Users\+\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\+\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\+o\AppData\Local\Minibar
Folder Found : C:\Users\+o\AppData\Local\Wajam
Folder Found : C:\Users\+o\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\+\AppData\LocalLow\Conduit
Folder Found : C:\Users\+\AppData\LocalLow\PriceGong
Folder Found : C:\Users\\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\ProgramData\Partner
File Found : C:\Users\+\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\+\AppData\Roaming\Mozilla\Firefox\Profiles\dhtwkwih.default\searchplugins\Startsear.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wajam
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKCU\Software\Wajam
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
[x64] Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\dhtwkwih.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "75009853F00713AC306EBE9F287755F5");
Found : user_pref("extensions.BabylonToolbar.lastActv", "24");
Found : user_pref("extensions.BabylonToolbar.lastDP", 24);
Found : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Found : user_pref("extensions.facemoods.dfltSrch", false);
Found : user_pref("extensions.facemoods.dnsErr", false);
Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.3");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.first_time", false);
Found : user_pref("extensions.facemoods.hmpg", false);
Found : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Found : user_pref("extensions.facemoods.id", "_#2cdade6c0000000000004c0f6e3d6ae1");
Found : user_pref("extensions.facemoods.instlDay", "_#15244");
Found : user_pref("extensions.facemoods.lastActv", "28");
Found : user_pref("extensions.facemoods.mntz", "");
Found : user_pref("extensions.facemoods.newTab", false);
Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Found : user_pref("extensions.facemoods.searchProviderAdded", false);
Found : user_pref("extensions.facemoods.sid", "_#8d146fda682d4729a5b0b0ec028cd2f1");
Found : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Found : user_pref("extensions.facemoods.update", "_#v1.4.0");
Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=2cdade6c0000000000004c0f6e3[...]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\+\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "explicit_host": [ "hxxp://*.wajam.com/*", "hxxp://*/*", "hxxps://*/*" ],
Found : "name": "Wajam",
Found : "permissions": [ "hxxp://*.wajam.com/*", "bookmarks", "tabs", "hxxp://*/*", "hxxps://[...]
Found : "update_url": "hxxp://www.wajam.com/update/Chrome/chrome_addon_updates.xml",
Found : "name": "vShare.tv plug-in",
Found : "path": "C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npvsharetvplg.dll",
Found : "name": "vShare.tv plug-in"
Found : "path": "C:\\Users\\+\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

-\\ Opera v [Unable to get version]

File : C:\Users\+\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8809 octets] - [21/08/2012 19:25:18]
AdwCleaner[R2].txt - [8782 octets] - [21/08/2012 19:26:27]

########## EOF - C:\AdwCleaner[R2].txt - [8910 octets] ##########

Bei Malware waren 3 Log dateien hoffe das sind die richtigen

t'john · 22.08.2012, 00:35

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Hawkey3281 · 22.08.2012, 15:50

Wenn ich auf delate drücke beim cleaner dann startet er neu aber zeigt mir keine log datei an habe sie auch unter dem angegebenen pfad gesucht nix gefunden....

Ah hab es gefunden

cleaner

Zitat:

# AdwCleaner v1.801 - Logfile created 08/22/2012 at 16:20:26
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : + - +-PC
# Boot Mode : Normal
# Running from : C:\Users\+\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\+\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\+\AppData\Local\Minibar
Folder Deleted : C:\Users\+\AppData\Local\Wajam
Folder Deleted : C:\Users\+\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\+\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\+\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\+\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\+\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\Partner
Deleted on reboot : C:\Users\+\AppData\Local\TempC:\Program Files (x86)\Software
File Deleted : C:\Users\+\AppData\Roaming\Mozilla\Firefox\Profiles\dhtwkwih.default\searchplugins\Startsear.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wajam

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\+\AppData\Roaming\Mozilla\Firefox\Profiles\dhtwkwih.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "75009853F00713AC306EBE9F287755F5");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "24");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.dfltSrch", false);
Deleted : user_pref("extensions.facemoods.dnsErr", false);
Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.3");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.first_time", false);
Deleted : user_pref("extensions.facemoods.hmpg", false);
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Deleted : user_pref("extensions.facemoods.id", "_#2cdade6c0000000000004c0f6e3d6ae1");
Deleted : user_pref("extensions.facemoods.instlDay", "_#15244");
Deleted : user_pref("extensions.facemoods.lastActv", "28");
Deleted : user_pref("extensions.facemoods.mntz", "");
Deleted : user_pref("extensions.facemoods.newTab", false);
Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Deleted : user_pref("extensions.facemoods.searchProviderAdded", false);
Deleted : user_pref("extensions.facemoods.sid", "_#8d146fda682d4729a5b0b0ec028cd2f1");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=2cdade6c0000000000004c0f6e3[...]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\+\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "explicit_host": [ "hxxp://*.wajam.com/*", "hxxp://*/*", "hxxps://*/*" ],
Deleted : "name": "Wajam",
Deleted : "permissions": [ "hxxp://*.wajam.com/*", "bookmarks", "tabs", "hxxp://*/*", "hxxps://[...]
Deleted : "update_url": "hxxp://www.wajam.com/update/Chrome/chrome_addon_updates.xml",
Deleted : "name": "vShare.tv plug-in",
Deleted : "path": "C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npvsharetvplg.dll",
Deleted : "name": "vShare.tv plug-in"
Deleted : "path": "C:\\Users\\Fabio\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

-\\ Opera v [Unable to get version]

File : C:\Users\+\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8809 octets] - [21/08/2012 19:25:18]
AdwCleaner[R2].txt - [8805 octets] - [21/08/2012 19:26:27]
AdwCleaner[S1].txt - [7571 octets] - [22/08/2012 16:20:26]

########## EOF - C:\AdwCleaner[S1].txt - [7699 octets] ##########

emsisoft

Zitat:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.08.2012 16:58:17

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 22.08.2012 16:59:44

c:\users\fabio\appdata\roaming\pogo games\common\cache gefunden: Trace.File.lottso!E1
c:\users\fabio\appdata\roaming\pogo games\common gefunden: Trace.File.lottso!E1
c:\users\fabio\appdata\roaming\pogo games gefunden: Trace.File.lottso!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1
C:\Users\Fabio\AppData\Local\Temp\is1070216317\MyBabylonTB.exe gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Program Files (x86)\SCAR Divi\bin\assoc.exe gefunden: Trojan-GameThief.Win32.Nilage!E2

Gescannt 635233
Gefunden 20

Scan Ende: 22.08.2012 18:05:31
Scan Zeit: 1:05:47

t'john · 22.08.2012, 17:39

Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hawkey3281 · 22.08.2012, 18:02

explorer ??
Internet Explorer ??

t'john · 22.08.2012, 18:04

Dateiexplorer

Hawkey3281 · 22.08.2012, 18:05

Ok danke bin dabei

Log von eset

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b81cbe08a675843bd43a14c86de5a8f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-22 06:54:50
# local_time=2012-08-22 08:54:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 20935013 20935013 0 0
# compatibility_mode=5893 16776573 100 94 7581 97284790 0 0
# compatibility_mode=8192 67108863 100 0 183 183 0 0
# scanned=201357
# found=4
# cleaned=4
# scan_time=6792
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1MQF32E\JDownloaderSetup_CH4[1].exe a variant of Win32/InstallCore.AL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Fabio\AppData\Local\Temp\Update_67ec.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Fabio\AppData\Local\Temp\Update_9cac.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Fabio\AppData\Local\Temp\Update_fde9.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C

t'john · 23.08.2012, 16:24

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Hawkey3281 · 23.08.2012, 17:45

Zitat:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 21.0.1180.83 ist aktuell
Flash 11,3,31,230 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,6) ist aktuell.
undefined

Habe den Flash Player aktuall. aber da steht trotzdem noch veraltet und wenn ich auf den Update button klicke steht da das die neuste Version bereits drauf ist. Nach Neustart immer noch so

t'john · 23.08.2012, 18:53

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

Hawkey3281 · 23.08.2012, 19:30

Danke für die Hilfe

Sehr nett

Sollte ich jetzt meine Passwörter alle ändern ?

22.08.2012, 18:04	#10
t'john /// Helfer-Team	Facebook Link Dateiexplorer __________________ Mfg, t'john Das TB unterstützen

Facebook Link

Log-Analyse und Auswertung: Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Facebook Link

Ähnliche Themen: Facebook Link

20.08.2012, 20:31	#1
Hawkey3281	Facebook Link Hey ein Kumpel hat mir bei Facebook einen Link(hotfile) geschickt und ich bin da dummer weisse raufgegangen chrome hat das gedownloadet aber ich habe nicht auf ausführen gedrückt.Habe die Datei dann über Chrome gelöscht und mit Kapersky ein System Check gemacht der nix gefunden hat habe ich jetzt das Teil drauf ?? mfg hawkey

22.08.2012, 18:02	#9
Hawkey3281	Facebook Link explorer ?? Internet Explorer ??

23.08.2012, 19:30	#15
Hawkey3281	Facebook Link Danke für die Hilfe Sehr nett Sollte ich jetzt meine Passwörter alle ändern ?