Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unberechtigte Remotezugriffe auf meinem Rechner ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.10.2012, 09:49   #1
janeway
 
Unberechtigte Remotezugriffe auf meinem Rechner ? - Standard

Unberechtigte Remotezugriffe auf meinem Rechner ?



Guten morgen,

ich habe mich vorgestern in Wikipedia über das "Netbus"-Programm informiert, dabei dann nach der sysedit.exe auf meinem system gesucht, und bingo, auch gefunden.

Als ich gestern morgen die sysedit.exe nochmals suchen und ansehen wollte, war sie nicht mehr aufzufinden. Ansonsten hab ich eigentlich keine Probleme mit meinem PC. Vorgestern wurden nur auf einmal anscheinend alle Seitenaufrufe im Firefox über eine Pishing Seite geleitet, die WEB.DE toolbar meldete sich jedenfalls und hat das wohl verhindert und eine Meldung herausgegeben.

Ich bin durch eine Freundin darauf gekommen, mal danach zu suchen. Wir sind zusammen in einer Gruppe und dort gibt es jemanden, den wir leider verdächtigen, unberechtigte Remote-Zugriffe vor allem bei der Freundin zu tätigen. Sie hat jedenfalls ständig Probleme mit ihrem PC, die sich auch durch eine Neuinstallation nicht verringern ließen bzw. 4 Tage hatte sie Ruhe, und dann ging es wieder los.

Was kann ich jetzt tun, oder sollte ich jetzt tun?

Ich hab die Avira Internet Security auf meinem Rechner, sie hat nix gemeldet.

Mit freundlichen Grüßen
janeway

hier mein OTL-Text:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.10.2012 07:57:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 39,89% Memory free
13,94 Gb Paging File | 11,14 Gb Available in Paging File | 79,90% Paging File free
Paging file location(s): d:\pagefile.sys 0 0m:\pagefile.sys 6117 6117 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,51 Gb Total Space | 1,54 Gb Free Space | 2,93% Space Free | Partition Type: NTFS
Drive D: | 239,26 Gb Total Space | 41,99 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 30,76 Gb Total Space | 0,84 Gb Free Space | 2,74% Space Free | Partition Type: NTFS
Drive F: | 28,07 Gb Total Space | 0,42 Gb Free Space | 1,49% Space Free | Partition Type: NTFS
Drive G: | 616,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 14,96 Gb Total Space | 2,51 Gb Free Space | 16,75% Space Free | Partition Type: FAT32
Drive M: | 878,90 Gb Total Space | 574,75 Gb Free Space | 65,39% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 07:45:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.10 07:42:26 | 000,050,477 | ---- | M] () -- M:\Downloads\Downloads ab 3-10-12\Defogger.exe
PRC - [2012.10.08 22:59:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.09.13 07:35:42 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\***\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.09.09 04:49:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.08.08 11:24:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.06.29 12:25:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.29 12:24:26 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.29 12:24:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.29 12:24:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.29 12:24:18 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- m:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.05.14 11:28:22 | 006,149,120 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.05 18:28:54 | 001,546,648 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.05.09 12:37:06 | 000,175,472 | ---- | M] (GFI Software Development Ltd.) -- C:\Program Files (x86)\GFI\LANguard 10 Agent\lnssatt.exe
PRC - [2011.04.01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.14 11:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010.12.23 10:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2010.12.12 22:42:38 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.27 17:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\***\AppData\Roaming\Mobile Partner\ouc.exe
PRC - [2009.01.30 18:02:18 | 002,542,528 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009.01.30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 07:42:26 | 000,050,477 | ---- | M] () -- M:\Downloads\Downloads ab 3-10-12\Defogger.exe
MOD - [2012.10.08 22:59:21 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.09.09 04:49:20 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.05.16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.05.16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.05.16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.05.16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.05.16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.05.16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.05.16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.05.16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.05.16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.05.16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.05.16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.05.16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.05.16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.05.16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.05.16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.05.16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012.05.16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.05.16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.05.16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.05.16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.05.14 11:29:58 | 003,538,944 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2012.05.14 11:25:36 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2011.08.22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011.07.14 14:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011.07.14 14:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011.07.14 14:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011.07.14 14:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011.07.14 14:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011.07.14 14:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011.07.14 14:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011.07.14 14:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2011.07.14 14:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2010.12.23 10:42:02 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [1998.10.31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL
MOD - [1996.12.14 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\SysWOW64\DOCOBJ.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.08 22:59:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.09 04:49:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Disabled | Stopped] -- M:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.29 12:25:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.29 12:24:26 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.29 12:24:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.29 12:24:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.29 12:24:18 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- m:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.09 12:37:06 | 000,175,472 | ---- | M] (GFI Software Development Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\LANguard 10 Agent\lnssatt.exe -- (gfi_lanss10_attservice)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.12 22:42:38 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 15:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.08.01 17:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.07.06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.29 12:25:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.06.29 12:25:53 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.06.29 12:25:50 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.29 12:25:49 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.06.29 12:25:49 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.30 19:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.12.24 12:48:38 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.12.23 10:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2010.12.23 07:40:24 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.26 05:08:08 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.27 10:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.12.28 15:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.10.07 10:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 10:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.02.03 17:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2009.01.30 01:02:44 | 000,120,256 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.06.28 13:00:06 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.01.30 01:02:44 | 000,120,256 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.jzip.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 28 E1 A8 33 11 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FC0FFD96-FB77-41C6-993C-350E6E70AEB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKCU\..\SearchScopes\{FC0FFD96-FB77-41C6-993C-350E6E70AEB8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.jzip.com/"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.19 07:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 04:49:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 04:49:20 | 000,000,000 | ---D | M]
 
[2012.09.26 16:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.26 16:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.03 12:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions
[2012.05.19 08:10:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.09 04:51:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.20 07:45:17 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.10.03 06:34:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\foxmarks@kei.com
[2012.08.29 07:30:45 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\extensions\toolbar@web.de.xpi
[2012.07.25 19:50:37 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.01 00:26:52 | 000,002,497 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\searchplugins\SearchResults.xml
[2011.08.25 11:17:38 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\searchplugins\youtube.xml
[2012.03.18 06:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.20 22:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.23 08:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.12.23 08:00:25 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.09 04:49:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 06:00:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 04:49:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 06:00:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 06:00:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.01 00:26:52 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.20 06:00:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 06:00:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] M:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9259C5-6CD2-484A-A14E-62D3193B2BA7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE27E9D9-CBA2-4A79-AC25-4AD2A9C086D5}: NameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.18 12:26:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.10.18 00:00:00 | 000,000,074 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9a0a1a39-3b4c-11e1-89d6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0a1a39-3b4c-11e1-89d6-005056c00008}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL N:\Start.hta
O33 - MountPoints2\{f6bfdb0d-56d6-11e1-853f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{f6bfdb0d-56d6-11e1-853f-005056c00008}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{f6bfdb29-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun
O33 - MountPoints2\{f6bfdb29-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{f6bfdb4b-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun
O33 - MountPoints2\{f6bfdb4b-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{f6bfdb57-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun
O33 - MountPoints2\{f6bfdb57-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 07:47:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.09 22:33:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{341A9EC9-066C-435F-BEBF-D1EFE1640C77}
[2012.10.09 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5882ADBA-1A87-4D43-9445-17F30E02EF48}
[2012.10.08 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5E9C5A0A-A77F-46B4-8B07-6024C3F5D929}
[2012.10.08 10:32:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{338B9490-755D-4C98-8AC1-36CAEAB94142}
[2012.10.07 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{06EE4724-1238-4A48-B2F1-F19B805F0650}
[2012.10.07 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\***\von mausi
[2012.10.07 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6828345-D609-493F-85CC-A4F359EBA12B}
[2012.10.06 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ADF786B3-CAF6-4B8B-89BF-5CE885BEA87B}
[2012.10.06 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\vw
[2012.10.06 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\VisualRoute
[2012.10.06 14:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualRoute Lite Edition
[2012.10.06 08:28:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4539CABC-DBE8-43F6-BA88-8C4F05486006}
[2012.10.05 20:48:43 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.10.05 20:48:43 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.10.05 20:48:43 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.10.05 20:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.10.05 20:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.10.05 20:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C6D5BAA-E7C9-431C-815A-A2D926B05905}
[2012.10.05 10:54:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData
[2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
[2012.10.05 08:27:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6FC48A87-5CB1-4C3D-9254-AA9FEDBDCEF1}
[2012.10.04 20:27:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B89D56CD-FD38-4D93-B3D4-4C02D1A67F1A}
[2012.10.04 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{39B8E43D-D3E3-44FC-AB30-C83B3559D081}
[2012.10.03 20:26:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCC8708B-4EC4-4CDE-A5DC-F7328F32F8BC}
[2012.10.03 12:15:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.10.03 12:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2012.10.03 12:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012.10.03 08:25:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D3E12DA0-0061-4767-B715-36737DBDAF5C}
[2012.10.02 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E495F7A4-DA22-46E8-A2E0-70BB7488B7C4}
[2012.10.02 08:24:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5247DC70-D775-43EE-99D1-E01812E4EE3A}
[2012.10.01 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5D2160F0-C1E2-498A-A190-B710A39B227A}
[2012.10.01 08:23:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50F5567D-F5A3-4F98-B49D-741C5E9D5641}
[2012.09.30 20:23:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9CCC32C1-8761-4331-8F8E-FF66042BC164}
[2012.09.30 08:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E88555E4-B271-4650-BD95-EF8ED10ECFE3}
[2012.09.29 20:22:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0EBFFCF6-4095-43E6-9BD9-AF20A4F55377}
[2012.09.29 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D49A605F-B15B-4A7F-AF4C-B875B300D93E}
[2012.09.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F361DBDE-F589-40A6-9B60-9E01D609A445}
[2012.09.28 08:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{93FAF486-61C4-4BED-AF15-7B425AAD8416}
[2012.09.27 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50C1C0A1-494B-42E8-8E78-F54BC810CE2E}
[2012.09.27 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{86C4BEA0-5891-4DFA-8401-1576809E69DF}
[2012.09.26 20:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D67FCE9-9D3F-450E-BB4B-2687F255475B}
[2012.09.26 16:51:08 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TomTom
[2012.09.26 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TomTom
[2012.09.26 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TomTom
[2012.09.26 16:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012.09.26 16:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2012.09.26 16:48:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2012.09.26 08:19:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4BA66D15-06C4-467D-8C72-0C31CDCC3302}
[2012.09.25 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6E13A13F-E674-4BE5-AD50-7D30E4C52F23}
[2012.09.25 08:18:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E49FC2D1-1F27-4331-A652-D835864E895C}
[2012.09.24 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D0DFB3C4-3C09-410A-B379-B8D092B468FB}
[2012.09.24 08:17:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{841114C9-DB12-4ADD-9F3E-FAF93C586BEB}
[2012.09.23 20:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{665E7D7E-0CD3-4A31-9B5A-2C00F5E5E0AA}
[2012.09.23 08:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4160B602-9363-49D1-A28C-9794DC090BBF}
[2012.09.23 07:42:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.09.22 20:15:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{06AD825D-3D85-49CA-BE2D-AAD916E23FBA}
[2012.09.22 08:14:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5990F235-0AC1-4505-998D-8C005E82BFAA}
[2012.09.21 20:14:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{52284EA2-52C2-4A13-B47E-BA3F048E5A6F}
[2012.09.21 08:13:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{30AE0A09-06C1-4CE2-ADDA-BBABFC770852}
[2012.09.20 20:13:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7BCE812F-9A89-4233-B1FE-A7C71894C8BE}
[2012.09.20 08:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{48761CE3-4C62-4262-A91E-1F22D8D31624}
[2012.09.19 19:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{21DFEBEE-6797-4F8C-953C-50FB016109B2}
[2012.09.19 07:35:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA6F3CC3-41BA-4890-A1C7-AEEDDC84690A}
[2012.09.18 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{90AB8789-1826-49EF-A37C-53B3DA8C7E01}
[2012.09.18 07:34:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{133D4792-F9C6-48E2-986F-C25C12E409F4}
[2012.09.17 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{281DC3E5-3F13-43DB-A0A1-068E3A7EC83E}
[2012.09.16 23:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{07C6792F-DEAE-4E91-8A4B-58D25CE3B685}
[2012.09.16 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F9C5BA9-2E0D-47CD-998E-41D2B7EDE13B}
[2012.09.15 22:27:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{66F71285-CF90-4824-BEEA-B51CD601B7E4}
[2012.09.15 10:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BFDBB2D9-0E58-453B-9C52-6D88A23A7D4E}
[2012.09.14 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{372B6760-A422-420E-A546-C85854DA762A}
[2012.09.14 10:26:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{72D68EA7-A446-488C-8312-291B651751C1}
[2012.09.13 19:12:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CC6F5E8C-8B2A-485D-BD0A-CB18CEC979E6}
[2012.09.13 07:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47F7FC4A-5D88-4B0A-A4A8-B1A7C597187B}
[2012.09.12 19:11:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D23C5281-7B36-4E12-8FCA-877E729063C6}
[2012.09.12 07:11:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0A5E6F53-7CFB-4867-8442-43ACB6E8BFCD}
[2012.09.11 19:10:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{24FEA246-36FD-4ABC-93C5-B01D4DF6EC14}
[2012.09.11 10:09:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Steuer
[2012.09.11 07:10:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7D7607FA-91AE-45A4-BD3F-9C56D5FE27F3}
[2012.09.10 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{135E301B-F5DC-46ED-AF86-6F5B570FFEA8}
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 07:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 07:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 07:45:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.10 07:44:16 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.10 07:40:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503762395-4116910774-783905613-1000UA.job
[2012.10.10 07:40:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503762395-4116910774-783905613-1000Core.job
[2012.10.10 05:42:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 05:42:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 05:34:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 05:33:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 05:33:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.10.10 05:33:11 | 3207,303,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 22:09:38 | 000,016,881 | ---- | M] () -- C:\Users\***\Documents\tracrerouten.odt
[2012.10.09 21:15:55 | 000,007,334 | ---- | M] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt
[2012.10.09 13:41:24 | 000,002,501 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.10.07 22:32:22 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 22:32:22 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 22:32:22 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 22:32:22 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 22:32:22 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.07 01:45:03 | 000,118,045 | ---- | M] () -- C:\Users\***\Desktop\von ulli der tracert Kopie.jpg
[2012.10.07 01:44:20 | 000,662,818 | ---- | M] () -- C:\Users\***\Desktop\von ulli der tracert.psd
[2012.10.07 01:42:56 | 000,472,239 | ---- | M] () -- C:\Users\***\Desktop\IMG_07102012_014301.png
[2012.10.07 01:32:35 | 000,263,991 | ---- | M] () -- C:\Users\***\Desktop\IMG_07102012_013242.png
[2012.10.06 14:20:25 | 000,223,811 | ---- | M] () -- C:\Users\***\Desktop\horch.png
[2012.10.06 14:06:27 | 000,000,047 | ---- | M] () -- C:\Users\***\VisualRoute Lite Edition-Path
[2012.10.06 13:50:53 | 000,112,766 | ---- | M] () -- C:\Users\***\Desktop\Simone 3.jpg
[2012.10.05 21:43:25 | 000,212,107 | ---- | M] () -- C:\Users\***\Desktop\Greenshot_2012-10-05_21-41-50.png
[2012.10.05 21:42:50 | 000,171,427 | ---- | M] () -- C:\Users\***\Desktop\route zu atlan Kopie.jpg
[2012.10.05 21:41:10 | 000,874,179 | ---- | M] () -- C:\Users\***\Desktop\route zu atlan.psd
[2012.10.05 20:48:41 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.10.05 20:48:41 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.10.03 12:15:17 | 000,001,027 | ---- | M] () -- C:\Users\***\Desktop\Free Download Manager.lnk
[2012.10.03 10:39:33 | 000,001,874 | ---- | M] () -- C:\Users\***\Desktop\DVD Flick.lnk
[2012.10.02 07:58:45 | 000,024,064 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.24 10:26:43 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.09.19 11:29:46 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.19 11:29:40 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.09.17 11:28:28 | 000,000,666 | ---- | M] () -- C:\Users\***\Documents\inSpeak Communicator.lnk
[2012.09.12 07:52:30 | 000,000,218 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.11 08:37:41 | 000,000,622 | ---- | M] () -- C:\Windows\wiso.ini
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 07:44:16 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.09 21:19:48 | 000,016,881 | ---- | C] () -- C:\Users\***\Documents\tracrerouten.odt
[2012.10.09 21:15:55 | 000,007,334 | ---- | C] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt
[2012.10.07 01:45:00 | 000,118,045 | ---- | C] () -- C:\Users\***\Desktop\von ulli der tracert Kopie.jpg
[2012.10.07 01:44:20 | 000,662,818 | ---- | C] () -- C:\Users\***\Desktop\von ulli der tracert.psd
[2012.10.07 01:42:50 | 000,472,239 | ---- | C] () -- C:\Users\***\Desktop\IMG_07102012_014301.png
[2012.10.07 01:32:31 | 000,263,991 | ---- | C] () -- C:\Users\***\Desktop\IMG_07102012_013242.png
[2012.10.06 14:20:05 | 000,223,811 | ---- | C] () -- C:\Users\***\Desktop\horch.png
[2012.10.06 14:06:27 | 000,000,047 | ---- | C] () -- C:\Users\***\VisualRoute Lite Edition-Path
[2012.10.06 13:50:35 | 000,112,766 | ---- | C] () -- C:\Users\***\Desktop\Simone 3.jpg
[2012.10.05 21:43:05 | 000,212,107 | ---- | C] () -- C:\Users\***\Desktop\Greenshot_2012-10-05_21-41-50.png
[2012.10.05 21:42:47 | 000,171,427 | ---- | C] () -- C:\Users\***\Desktop\route zu atlan Kopie.jpg
[2012.10.05 21:41:10 | 000,874,179 | ---- | C] () -- C:\Users\***\Desktop\route zu atlan.psd
[2012.10.05 20:48:41 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.10.05 20:48:41 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.10.05 20:48:41 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.10.03 12:15:17 | 000,001,027 | ---- | C] () -- C:\Users\***\Desktop\Free Download Manager.lnk
[2012.09.12 07:52:30 | 000,000,218 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.05.17 00:36:19 | 000,000,022 | ---- | C] () -- C:\Windows\op70.ini
[2012.03.24 10:53:24 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.18 12:27:12 | 012,781,358 | ---- | C] () -- C:\Users\***\20120218_Lokalzeit_Münsterland-Die_goldene_Pracht.mp4
[2012.02.05 00:37:48 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.12.26 13:31:17 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.23 14:14:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.08 02:04:56 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.12.03 22:04:54 | 000,000,693 | ---- | C] () -- C:\Users\***\*** - Verknüpfung.lnk
[2011.10.17 13:02:36 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.17 12:39:03 | 000,904,192 | ---- | C] () -- C:\Users\***\cut_assistant.exe
[2011.10.17 12:39:03 | 000,042,537 | ---- | C] () -- C:\Users\***\cut_assistant.de.lng
[2011.06.17 11:30:15 | 000,024,064 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.06 09:52:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.06.06 00:57:23 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.14 10:47:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.14 08:29:36 | 000,001,658 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.05.14 08:29:36 | 000,000,774 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.13 07:45:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.13 07:45:16 | 000,021,565 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.05.30 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.07.23 11:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.08.12 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BSW
[2012.03.24 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.12.13 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.08.04 09:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.01.15 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CloneSpy
[2012.10.10 05:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.10.09 04:51:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.09 04:51:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.10 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.06.08 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeDoko
[2012.04.27 12:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.12.23 14:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.09.24 10:29:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2012.08.20 07:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iminent
[2011.05.14 11:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.02.28 22:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Partner
[2012.09.06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.30 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2012.06.25 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.06.17 11:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.03.18 23:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.12.13 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.05.26 16:22:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.06.17 11:05:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.05.15 07:05:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reviversoft
[2012.06.29 13:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.09.30 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2012.09.26 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2012.02.29 13:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.12.07 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay
[2012.10.05 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.05.16 08:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.09.13 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 973 bytes -> C:\Users\***\Documents\Ihr neues Handy jetzt mit -60%, Frau ***!.eml:OECustomProperty
@Alternate Data Stream - 920 bytes -> C:\Users\***\Documents\Fw_ Robert.eml:OECustomProperty
@Alternate Data Stream - 809 bytes -> C:\Users\***\Documents\Info Wiedereröffnung.eml:OECustomProperty
@Alternate Data Stream - 629 bytes -> C:\Users\***\Documents\ursula wagner.eml:OECustomProperty
@Alternate Data Stream - 48 bytes -> C:\Windows:115BF82199800267
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08948D52
@Alternate Data Stream - 1080 bytes -> C:\Users\Public\Documents\http___vacancies24_de_job_tischler-nach-borken-gesucht-arbeitsort-borken-westfalen_.eml:OECustomProperty

< End of report >
         
--- --- ---

Alt 10.10.2012, 16:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unberechtigte Remotezugriffe auf meinem Rechner ? - Standard

Unberechtigte Remotezugriffe auf meinem Rechner ?



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 10.10.2012, 16:15   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unberechtigte Remotezugriffe auf meinem Rechner ? - Standard

Unberechtigte Remotezugriffe auf meinem Rechner ?



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
__________________

Alt 12.10.2012, 12:15   #4
janeway
 
Unberechtigte Remotezugriffe auf meinem Rechner ? - Standard

Unberechtigte Remotezugriffe auf meinem Rechner ?



Hallo,

hier zwei Malwarebyte-logs:

Code:
ATTFilter
   
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ULRIKE [Administrator]

Schutz: Aktiviert

11.10.2012 06:00:01
mbam-log-2012-10-11 (06-00-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 808387
Laufzeit: 2 Stunde(n), 43 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\skink\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\skink\euRO_Char_viewer\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\update\euRO_Char_viewer\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\Datenträger G von Arbeit\Karten Gerd\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\Slysoft\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\WinNT\NT-SVR\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\WinNT\NT-WS\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
ATTFilter
2012/10/11 05:46:48 +0200	ULRIKE	***	MESSAGE	Starting protection
2012/10/11 05:46:48 +0200	ULRIKE	***	MESSAGE	Protection started successfully
2012/10/11 05:46:48 +0200	ULRIKE	***	MESSAGE	Starting IP protection
2012/10/11 05:46:49 +0200	ULRIKE	***	MESSAGE	IP Protection started successfully
2012/10/11 05:52:19 +0200	ULRIKE	***	MESSAGE	Executing scheduled update:  Daily
2012/10/11 05:52:29 +0200	ULRIKE	***	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.10.10.07 to version v2012.10.11.04
2012/10/11 05:52:29 +0200	ULRIKE	***	MESSAGE	Starting database refresh
2012/10/11 05:52:29 +0200	ULRIKE	***	MESSAGE	Stopping IP protection
2012/10/11 05:52:29 +0200	ULRIKE	***	MESSAGE	IP Protection stopped successfully
2012/10/11 05:52:31 +0200	ULRIKE	***	MESSAGE	Database refreshed successfully
2012/10/11 05:52:31 +0200	ULRIKE	***	MESSAGE	Starting IP protection
2012/10/11 05:52:31 +0200	ULRIKE	***	MESSAGE	IP Protection started successfully
2012/10/11 06:41:10 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50772, Process: avwebgrd.exe)
2012/10/11 06:41:10 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50774, Process: avwebgrd.exe)
2012/10/11 06:41:10 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50776, Process: avwebgrd.exe)
2012/10/11 06:41:26 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50784, Process: avwebgrd.exe)
2012/10/11 06:41:34 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50789, Process: avwebgrd.exe)
2012/10/11 06:41:34 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50791, Process: avwebgrd.exe)
2012/10/11 06:41:34 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50793, Process: avwebgrd.exe)
2012/10/11 06:41:58 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50805, Process: avwebgrd.exe)
2012/10/11 06:41:58 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50807, Process: avwebgrd.exe)
2012/10/11 06:41:58 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50809, Process: avwebgrd.exe)
2012/10/11 06:41:58 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50811, Process: avwebgrd.exe)
2012/10/11 06:42:06 +0200	ULRIKE	***	IP-BLOCK	109.163.231.139 (Type: outgoing, Port: 50813, Process: avwebgrd.exe)
2012/10/11 09:08:33 +0200	ULRIKE	***	MESSAGE	Starting protection
2012/10/11 09:08:33 +0200	ULRIKE	***	MESSAGE	Protection started successfully
2012/10/11 09:08:33 +0200	ULRIKE	***	MESSAGE	Starting IP protection
2012/10/11 09:08:34 +0200	ULRIKE	***	MESSAGE	IP Protection started successfully
         

und hier das Eset-log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8ace78f3753ea149beba2db5da51f3a8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-12 09:04:44
# local_time=2012-10-12 11:04:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 161397 161397 0 0
# compatibility_mode=5893 16776574 100 94 44584167 101646593 0 0
# compatibility_mode=8192 67108863 100 0 159 159 0 0
# scanned=572006
# found=17
# cleaned=17
# scan_time=15941
C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll	probably a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\***\AppData\Local\Temp\NOD7BB3.tmp	a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\***\AppData\Roaming\OpenCandy\OpenCandy_D4806F4F52B648DCA9FF28455F96AF24\RegistryReviverSetup-ppi_.exe	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\***\Downloads\SoftonicDownloader_fuer_banner-maker-pro.exe	a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Data1\Datenträger G von Arbeit\Alle Spiele\Andrea s\front9.exe	Win32/Adware.WildTangent application (deleted - quarantined)	00000000000000000000000000000000	C
D:\Data1\Downloads\Firtzbox sicherung\installer_abc_amber_text_converter_5_07_Deutsch_Deutsch.exe	Win32/Toggle application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Data1\Downloads\Firtzbox sicherung\Nicht verwendete Desktopverknüpfungen\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Downloads\SoftonicDownloader_fuer_audacity.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Downloads\Neuer Ordner\freeripmp3_2-setup.exe	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\Dokumente und Einstellungen\***\Desktop\Nicht verwendete Desktopverknüpfungen\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\Dokumente und Einstellungen\***\Startmenü\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\RECYCLER\S-1-5-21-1390067357-1284227242-725345543-1003\Dd16.exe	Win32/Toggle application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
M:\Downloads\jZipV1c.exe	a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
M:\Downloads\registrybooster.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

lg janeway

Alt 12.10.2012, 14:40   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unberechtigte Remotezugriffe auf meinem Rechner ? - Standard

Unberechtigte Remotezugriffe auf meinem Rechner ?



Code:
ATTFilter
D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\Slysoft\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\WinNT\NT-SVR\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Sicherungen\WinNT\NT-WS\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Unberechtigte Remotezugriffe auf meinem Rechner ?
adobe, antivir, application/pdf:, aufrufe, avg, avira, dealply, error, firefox, fixmyregistry, flash player, format, free download, google, gruppe, home, iminent toolbar, internet, logfile, mozilla, object, pishing, plug-in, realtek, registry, rundll, scan, security, software, starmoney, system, temp, tracker, usb, windows




Ähnliche Themen: Unberechtigte Remotezugriffe auf meinem Rechner ?


  1. Trojaner vom BKA auf meinem rechner
    Log-Analyse und Auswertung - 03.07.2015 (1)
  2. Piwik: Unberechtigte können Webseiten-Statistiken abrufen
    Nachrichten - 03.06.2015 (0)
  3. Trojaner auf meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (30)
  4. BKA Trojaner auf meinem Rechner
    Log-Analyse und Auswertung - 27.09.2013 (3)
  5. GVU-Virus auf meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (11)
  6. QV 06 und Spyhunter 4 auf meinem Rechner...
    Log-Analyse und Auswertung - 06.07.2013 (9)
  7. Incredibar auf meinem Rechner...was tun!
    Log-Analyse und Auswertung - 23.07.2012 (1)
  8. XP REchner: kann nicht erkennen, ob ich immer noch Trojaner auf meinem Rechner habe
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (43)
  9. Probleme mit meinem Rechner...
    Log-Analyse und Auswertung - 20.10.2010 (1)
  10. Unberechtigte Abbuchung eines bekannten ZahlService - DR/KKFinder.AH ?
    Log-Analyse und Auswertung - 28.02.2010 (5)
  11. adware auf meinem rechner!=(
    Mülltonne - 16.11.2008 (0)
  12. Was hab ich auf meinem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 15.10.2008 (2)
  13. TR/Drop.WSO.A.2 auf meinem rechner
    Log-Analyse und Auswertung - 02.02.2007 (8)
  14. HOWIPER.EXE auf meinem rechner
    Plagegeister aller Art und deren Bekämpfung - 01.05.2006 (10)
  15. Only Probleme mit meinem Rechner
    Log-Analyse und Auswertung - 06.03.2006 (1)
  16. Was ist nur los mit meinem Rechner???
    Log-Analyse und Auswertung - 16.01.2005 (3)
  17. Virus auf meinem Rechner?
    Log-Analyse und Auswertung - 22.09.2004 (1)

Zum Thema Unberechtigte Remotezugriffe auf meinem Rechner ? - Guten morgen, ich habe mich vorgestern in Wikipedia über das "Netbus"-Programm informiert, dabei dann nach der sysedit.exe auf meinem system gesucht, und bingo, auch gefunden. Als ich gestern morgen die - Unberechtigte Remotezugriffe auf meinem Rechner ?...
Archiv
Du betrachtest: Unberechtigte Remotezugriffe auf meinem Rechner ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.