GVU Malware

Houston · 13.03.2013, 19:44

Hey,
Ich hab mir heute dummerweise auch den GVU-Trojaner (bei mir sogar mit Videofenster etc.

) eingefangen. Nach kurz verzögertem Herausnehmen des Akkus meines Notebook, Systemwiederherstellung ist der GVU-Screen erstmal veschwunden. Ich bin jetzt auch über diesen Computer online, im normalen Modus von WIndows 7, glaub aber nicht, dass die Malware endgültig weg ist.
Wäre nett, wenn ihr mir helfen könntet.

Ach ja, ich habe Malwarebytes durchlaufen lassen, hier die logs:

Schutz: Aktiviert

13.03.2013 16:02:54
MBAM-log-2013-03-13 (19-40-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 514257
Laufzeit: 3 Stunde(n), 37 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Benni\7815071.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Benni\AppData\Local\Temp\{974A38E9-8C25-4153-A04A-961965F076C3}\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\funsta_com.bmp (Extension.Mismatch) -> Keine Aktion durchgeführt.
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt.

(Ende)

Sind die gefundenen Dateien, die vom GVU?
Habe die Schadsoftware jedenfalls erstmal in Quarantäne gepackt.

Vielen Dank, schonmal im voraus.

t'john · 14.03.2013, 10:30

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Wähle Scanne Alle Benuzer
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Houston · 14.03.2013, 16:47

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.03.2013 16:29:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 44,51% Memory free
7,61 Gb Paging File | 5,29 Gb Available in Paging File | 69,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 250,45 Gb Free Space | 59,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,16 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
 
Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Benni\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe File not found
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe File not found
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (pr2ah4nc) -- C:\windows\SysNative\pr2ah4nc.exe (CODEMASTERS)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV:64bit: - (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS)
DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.4
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.9.2
FF - prefs.js..extensions.enabledAddons: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:10.14.65.43
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Benni\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Benni\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 15:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.07 10:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 15:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.07 10:10:59 | 000,000,000 | ---D | M]
 
[2012.05.24 11:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2013.03.06 14:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\xc7ekxex.default\extensions
[2013.02.23 23:21:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\xc7ekxex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.14 12:34:07 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\xc7ekxex.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2013.03.06 14:10:12 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\xc7ekxex.default\extensions\firefox@ghostery.com
[2013.03.05 17:20:50 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\xc7ekxex.default\extensions\ich@maltegoetz.de
[2013.01.18 15:35:14 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\extensions\toolbar@web.de.xpi
[2012.12.11 21:27:34 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 23:23:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.18 15:35:53 | 000,000,911 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\11-suche.xml
[2012.07.01 15:24:05 | 000,000,955 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\conduit.xml
[2013.01.18 15:35:53 | 000,002,273 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\englische-ergebnisse.xml
[2013.01.18 15:35:53 | 000,010,563 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\gmx-suche.xml
[2013.01.18 15:35:53 | 000,002,432 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\lastminute.xml
[2013.01.18 15:35:53 | 000,005,545 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\mozilla\firefox\profiles\xc7ekxex.default\searchplugins\webde-suche.xml
[2012.05.24 11:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.21 09:10:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.06.24 15:57:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.04 13:09:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.04.21 08:37:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.24 15:56:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 15:56:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 15:56:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 15:56:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 15:56:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 15:56:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Benni\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Benni\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Benni\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Benni\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Benni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000..\Run: [Akamai NetSession Interface] C:\Users\Benni\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000..\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode File not found
O4 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44183FCE-4856-48B4-A5F6-E79E613155A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7f4d93a5-0e27-11e2-86bc-8ccdf65996ff}\Shell - "" = AutoRun
O33 - MountPoints2\{7f4d93a5-0e27-11e2-86bc-8ccdf65996ff}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.14 16:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 16:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 16:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 20:47:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2013.03.13 15:59:45 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2013.03.13 15:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.13 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 15:59:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.13 15:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.13 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Programs
[2013.03.09 15:00:46 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Avira
[2013.03.09 14:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.09 14:54:59 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.09 14:54:59 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.09 14:54:59 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.09 14:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.09 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.15 00:24:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.02.15 00:24:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.02.15 00:24:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.02.15 00:24:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.02.15 00:24:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.02.15 00:24:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.02.15 00:24:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.02.15 00:24:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.02.15 00:24:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.02.15 00:24:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.02.15 00:24:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.02.15 00:24:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.02.15 00:24:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.02.15 00:24:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.02.15 00:24:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.02.14 12:41:23 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.14 12:41:20 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.14 12:41:19 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.14 12:41:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013.02.14 12:41:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013.02.14 12:41:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013.02.14 12:41:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013.02.14 12:41:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.14 12:41:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013.02.14 12:41:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.14 12:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013.02.14 12:41:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.14 12:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013.02.14 12:41:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.14 12:41:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.14 12:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 12:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 12:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 12:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 12:41:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 12:41:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 12:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 12:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 12:41:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 12:41:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 12:41:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 12:41:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 12:41:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 12:41:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.14 12:40:58 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.14 16:12:09 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 16:12:09 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 16:07:01 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.14 16:03:36 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.14 16:03:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.14 16:03:16 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 20:48:06 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2079826306-1531348956-2000433453-1000UA.job
[2013.03.13 20:48:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 20:48:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2013.03.13 15:59:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.13 15:45:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\1705187.pad
[2013.03.13 15:29:29 | 000,002,734 | ---- | M] () -- C:\ProgramData\1705187.js
[2013.03.13 15:29:29 | 000,000,153 | ---- | M] () -- C:\ProgramData\1705187.reg
[2013.03.13 15:29:29 | 000,000,060 | ---- | M] () -- C:\ProgramData\1705187.bat
[2013.03.12 21:23:06 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 21:23:06 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 14:48:01 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2079826306-1531348956-2000433453-1000Core.job
[2013.03.09 14:55:09 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.08 16:00:28 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.08 16:00:28 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.08 16:00:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.06 17:55:02 | 013,288,163 | ---- | M] () -- C:\Users\Benni\Desktop\03 The Straight - In the Need of a Helping Hand (1).mp3
[2013.03.06 15:19:08 | 001,512,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.06 15:19:08 | 000,659,238 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.06 15:19:08 | 000,620,384 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.06 15:19:08 | 000,132,776 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.06 15:19:08 | 000,108,566 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.02 12:51:54 | 003,628,109 | ---- | M] () -- C:\Users\Benni\Desktop\Bottom again.mp3
[2013.03.02 12:40:44 | 000,969,733 | ---- | M] () -- C:\Users\Benni\Desktop\Bottom again 2.mp3
[2013.02.15 14:36:57 | 000,352,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.13 15:59:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.13 15:29:29 | 000,002,734 | ---- | C] () -- C:\ProgramData\1705187.js
[2013.03.13 15:29:29 | 000,000,153 | ---- | C] () -- C:\ProgramData\1705187.reg
[2013.03.13 15:29:29 | 000,000,060 | ---- | C] () -- C:\ProgramData\1705187.bat
[2013.03.13 15:29:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\1705187.pad
[2013.03.09 14:55:09 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.06 17:53:07 | 013,288,163 | ---- | C] () -- C:\Users\Benni\Desktop\03 The Straight - In the Need of a Helping Hand (1).mp3
[2013.03.02 12:50:31 | 003,628,109 | ---- | C] () -- C:\Users\Benni\Desktop\Bottom again.mp3
[2013.03.02 12:40:13 | 000,969,733 | ---- | C] () -- C:\Users\Benni\Desktop\Bottom again 2.mp3
[2012.11.10 12:36:15 | 000,025,748 | ---- | C] () -- C:\Users\Benni\New1010.TAK
[2012.11.10 12:23:36 | 000,009,476 | ---- | C] () -- C:\Users\Benni\New1009.TAK
[2012.02.05 18:54:21 | 000,018,048 | ---- | C] () -- C:\windows\SysWow64\drivers\lirsgt.sys
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011.08.29 13:53:53 | 000,000,227 | ---- | C] () -- C:\Users\Benni\Goya.ini
[2011.07.04 13:08:21 | 000,579,426 | ---- | C] () -- C:\Users\Benni\New.MMM
[2011.07.02 12:08:24 | 000,000,000 | ---- | C] () -- C:\Users\Benni\AppData\Local\{13ABD478-281C-4A52-B374-19E96D2D1F42}
[2011.06.29 13:33:00 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\mgxasio2.dll
[2011.06.29 13:28:29 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll
[2011.06.29 13:27:08 | 000,007,119 | ---- | C] () -- C:\windows\mgxoschk.ini
[2011.06.27 12:20:58 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.06.27 12:20:52 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.06.11 15:02:11 | 000,000,000 | ---- | C] () -- C:\Users\Benni\AppData\Local\{532890CB-B963-4AA8-AFA5-6114050CDF74}
[2010.09.18 11:46:47 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.08.21 09:11:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.18 20:02:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\AnvSoft
[2010.08.21 07:54:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ArcSyncConfig
[2010.10.23 17:04:35 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\CocoonSoftware
[2012.11.22 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\dingogames
[2012.10.09 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DVDVideoSoft
[2012.09.13 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.21 21:07:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeTorrentViewer
[2010.09.18 12:19:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeVideoConverter
[2011.03.01 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Guitar Pro 6
[2011.07.29 01:11:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Jens Lorek
[2011.07.30 01:14:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JonDo
[2010.10.26 17:54:04 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LG Electronics
[2012.05.02 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient
[2012.05.25 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient2
[2011.09.22 20:09:40 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MAGIX
[2010.09.01 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MusicIP
[2012.03.31 13:55:32 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Need for Speed World
[2012.10.09 20:11:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenCandy
[2011.05.17 16:46:48 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Regressi
[2012.04.21 13:56:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Ubisoft
[2011.09.18 11:46:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Windows Live Writer
[2011.06.02 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.03.2013 16:29:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 44,51% Memory free
7,61 Gb Paging File | 5,29 Gb Available in Paging File | 69,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 250,45 Gb Free Space | 59,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,16 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
 
Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2079826306-1531348956-2000433453-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Value error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034174F3-B437-41DB-A17F-A5AE2575DCC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0DA59C16-7AF9-4F6A-9572-BE900537BBF3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0EB26114-6AC7-4858-81B9-17F7B07E6243}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{117D2BE1-CF8B-439A-A0F0-96D941EB6E08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2551AB0F-E2A1-41FE-AD43-AFD287FD1689}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2ED324EA-18C8-46F6-A379-33AD9F9B3A3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FE055AD-129E-49DB-8AF7-A93DBF5C6707}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3606CE93-6050-4E05-82C8-1460772DFC9D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3FEC43F1-043C-4C1C-A2FC-ECAE2AA56D4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4356F48F-BD86-4909-ACF6-5F07C3E869E0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{47343CB6-6EDC-4C6B-A8EF-0729B5453878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{47F53B25-0EEC-401E-AF03-34FF2919BA3E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55BA2CC7-029E-4864-BE7D-B194E9906A42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6423D03F-EF5E-4E52-B9DA-E5840CD94072}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6660C536-199C-48DE-A64E-7F111A174D0B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{67A1CE93-23AA-4142-A095-C5EB40CE8F89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69BF5E8D-2783-4D67-AB8B-FC67A8BC930B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B1AEC2E-E24A-4B7B-9BF1-31C30D8DC90C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{70CED845-6F6B-4F46-87BC-046CDA08D1FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{938BAFCA-5FFC-4D23-B853-684772AC618E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9BBB8086-7E82-4CE6-8D40-3963EEDA2066}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9C81897F-A4E0-4B6E-9403-D98BCE61344A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9C8F582D-D86D-49AB-9C55-A89AA36FA9C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B5D3D71E-8E86-41F6-BFB4-F6BED539C9F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C571DF25-450F-475A-963F-9CBFF0354B12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8A4A665-0C9B-44FD-999C-5E6F0485732E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CB8D41B1-9A12-4C54-BC13-72CAA75A4643}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB98D840-0091-44C7-87F3-1EC07811E82E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2340896-1C04-4C51-B1C6-CFCBC5469960}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E39F63E2-71B4-41BA-A478-2AEBC3E8361D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FBAE09C2-8A92-4BE2-BC84-A96FAE488B09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7B3FF-02E8-405B-ABE2-DE63B4412C21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{069988ED-8265-4769-AE86-2AA65FD345C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06C3087D-41C1-439F-8A5D-A23B3282B58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{087498F4-04D3-47EF-8555-EE7DBDAFB576}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{0A49501E-1C21-4918-A60E-531076EFC542}" = protocol=6 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{0A917966-44EF-4E83-A2B9-C58D2139B8DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0C1D7D86-C07D-4F3D-9FF5-47ED3859755C}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{0E677F6B-CE31-41A4-A228-1FBA382F3BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{13B411BB-D703-4B0D-8F16-A6B638FF03BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{162EF47C-6C55-4C1E-8EFC-5439E41993A4}" = protocol=17 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{1DE69786-2FD0-4462-B6F6-4F4895904041}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\earth 2160\earth2160_sse.exe | 
"{1E830347-6D29-40DD-8D1F-07690564FD97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EE8BAE7-6EDF-46A5-B222-B4F63752B75B}" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\akamai\netsession_win.exe | 
"{2B0D1EF4-679B-4CEA-8877-A64ECC42E113}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{34C593D6-CC8D-4F13-9737-9CE5F9F83349}" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\akamai\netsession_win.exe | 
"{46BC2955-5077-4FF4-A5E4-6A3F539E7853}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\earth 2160\earth2160_no_sse.exe | 
"{46E9C3CF-DB59-442D-A398-996B582AECDC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 
"{4A933059-9C7E-4355-BC07-D847B0310FC0}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\earth 2160\earth2160_sse.exe | 
"{4BB13EC2-5443-4B64-894A-FBF6CF0AACA6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{503C4D90-0C2D-4CFB-AFEE-F08C2C39C59E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{595D2B40-27D6-40C9-B35F-F0F327ADC969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{65296D97-2338-41F6-9280-6B6C4AA86934}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6A4872D8-347C-48D7-A5C9-702C1548635B}" = protocol=6 | dir=out | app=system | 
"{6B7BFD65-8BC5-4239-8726-96B0C28242FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6D6A559D-F12C-4B27-8397-BF19F8F8F05F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7318197A-7E1E-4615-A7E4-8DE7305F2CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{738FBFB6-3B75-4602-8575-5561C65711E8}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{7A8136CE-BD6A-4BCC-9915-757940287272}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{7EC17812-4CAF-4E1A-AB15-4DEBF37F53FE}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | 
"{7F97916A-0E33-44C7-B2C0-BDD4F0BB02B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80B97872-5E02-49A4-9BDF-5A373C5C3942}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{81651DD6-B01D-433B-A410-D3DBC2602D63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{82CF23A1-F9D7-42A0-8846-AFBBBF7D81A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83DF3BA8-4925-4CFD-9095-0733F2907293}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{86D918DA-A091-4B6E-AF94-F3B551FFBDE2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{87682DB2-73DD-496B-9E90-8AE2BC65CCDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{885310F2-45C6-4970-8513-C7D6800777D2}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{8ABC3320-F20F-4E54-B7BA-91BBFF98A608}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 
"{8B48DD0A-1646-476F-B831-83E112181E53}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{8BA5BBF6-959B-477A-A14C-34696AD95010}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8F3C6695-3956-481B-850F-77B9DEE270FF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 
"{9026A0CE-010B-4026-AD42-A377AD1EA334}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\earth 2160\earth2160_no_sse.exe | 
"{9AFAB915-7925-4EC1-A368-DCD593F83A92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9C025DFA-8CA8-4D64-BC3E-748B2F30E4A4}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{A1C35A4F-2843-4A93-8D2E-A9A79BE26A5A}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{A1E6C5DE-E548-4CC2-BE60-8B2FA0ED6B82}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{A84BB40D-1646-462D-896D-BB0340A93707}" = dir=out | app=c:\windows\system32\igrssvcs.exe | 
"{BBE94C9B-1A36-4457-A4D8-50187CC7A9F1}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{BD3B07C8-F2B1-4BDF-9412-92A71FCEF938}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{BDE1BF9B-69F7-4A97-A205-AA9823474633}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C2E27478-9792-4613-938B-8CF6FA10AFE4}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{C56A6962-6D2B-4362-B3B7-8C01DC6E773E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CEF81497-9411-475E-9801-7B3B5E67606B}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{D142C4C6-2341-4F23-A99E-680C7A0A3775}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D9670781-ADC7-41F6-8A22-BE879EAB69B1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{DE88002C-B175-41F7-8993-D39AFA269FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | 
"{E2BDFA2C-4DCB-4B48-AB7A-BD7D6B8FA63E}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{F327E011-4317-4895-839F-BB58D5D782EF}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe | 
"{F50F3A29-EE42-40BB-9149-5FB2F83722BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F6CA2E02-1A67-4807-AC67-EC71A9F08F36}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 
"{FC72CFE8-494F-4198-AE4F-37CF697E52BB}" = dir=in | app=c:\windows\system32\igrssvcs.exe | 
"{FEAC6325-35F8-4DE8-9F3D-3896D16E62BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF94B5DD-BFD5-441D-B0EB-9741C3825C84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FF95DD30-2E06-4BF0-8BF8-A4E97B5DD9CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0100D4E0-1132-4BCF-8BCD-678A3F36A2F8}C:\anno1602\1602.exe" = protocol=6 | dir=in | app=c:\anno1602\1602.exe | 
"TCP Query User{0368B618-2B8F-4BE0-B68D-B31F0CF56FDC}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{064F521F-A4D5-4042-8E41-AF462828D52F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{10F3394F-B3A1-45AB-9328-23AD1A5A635F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{19D233C5-D0FE-4A38-A1E6-49F4C79F8264}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{2FAAD0E5-A2F2-4CA8-A737-40C125167B73}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
"TCP Query User{5EEB16A1-3437-4626-B9E1-0FF1F64AF279}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{A13BC01E-865C-459F-8E16-E85FC3FC16DC}C:\users\benni\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\benni\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{B027A0D8-D66B-47DC-9CA5-110C1D7E5425}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{C64ECB56-EF68-4B5A-8564-32D405FE94EB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DB90D970-F5ED-4B54-A851-E4EF596F998B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F592260D-4F75-4E0E-9648-4C40F99DE4B3}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"UDP Query User{2D17428B-08AB-4684-93B9-E0B72158BA35}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{2E88F30A-276D-4CB0-847A-B57FF31ACD7D}C:\program files (x86)\wing commander saga\wcsaga_sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wing commander saga\wcsaga_sse2.exe | 
"UDP Query User{4C81A522-B8C9-4F6A-A339-D832F6AE4F28}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
"UDP Query User{5415CB5D-B09C-4AA5-98D1-7A71CF8D4FD6}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{5749B4B8-2AF1-4383-AF30-25C72DBA3B91}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{7F441AC2-65A2-4A84-B956-94CE221653D1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{8DA5F935-5CEC-46DF-9724-6EFE85BD06E3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{95DE528E-65DA-45BC-979E-F1B7CD9DB67B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{972E75A4-B577-4ABB-98CB-724B8AE0DF08}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{A52B1E79-BFD9-4563-835F-D085B15644F2}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{A5356B39-B0EC-44B6-AB87-BB18EADD01B3}C:\anno1602\1602.exe" = protocol=17 | dir=in | app=c:\anno1602\1602.exe | 
"UDP Query User{F57C6D03-F918-4992-9518-AB7C53E89E05}C:\users\benni\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\benni\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Lenovo EasyCamera" = Lenovo EasyCamera
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1B018AED-F9E6-43C9-8A10-42AE9FE75E59}" = Desperados 2 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D6903FBB-FA2E-49DE-896F-7050B8679AFC}" = Moebius
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Algobox" = Algobox
"ANNO1602" = Anno 1602
"Any Video Converter_is1" = Any Video Converter 3.3.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Desperados - Ein Wild West Abenteuer 1.01" = Desperados - Ein Wild West Abenteuer 1.01
"Earth 2160" = Earth 2160
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 2.3.2.804
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.35.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Music Maker Rock Edition 3 D" = MAGIX Music Maker Rock Edition 3 5.0.0.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Sins of a Solar Empire" = Sins of a Solar Empire
"Uninstall_is1" = Uninstall 1.0.0.1
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2079826306-1531348956-2000433453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Euthanasia V.1.0" = Euthanasia V.1.0
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 17:26:12 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 05.03.2013 07:55:07 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 06.03.2013 07:11:27 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 06.03.2013 15:04:58 | Computer Name = Benni-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
 Zeitstempel: 0x510610d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006de2d  ID des fehlerhaften
 Prozesses: 0x1ba4  Startzeit der fehlerhaften Anwendung: 0x01ce1a8cf9557db7  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: bd105e82-8690-11e2-9580-9344f1704cfc
 
Error - 07.03.2013 07:50:48 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 07.03.2013 07:51:30 | Computer Name = Benni-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16464 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 11cc    Startzeit: 01ce1b29f79bf632    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 09.03.2013 09:57:22 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.03.2013 10:49:34 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.03.2013 10:59:50 | Computer Name = Benni-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.03.2013 16:08:22 | Computer Name = Benni-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.584 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 133c    Startzeit:
 01ce20227a64eced    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: 9293944d-8c19-11e2-b896-ff50add3aeff  
 
[ Media Center Events ]
Error - 19.03.2011 13:21:33 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 18:21:05 - MCEClientUX konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 19.03.2011 13:22:07 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 18:21:54 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 21.03.2011 14:04:00 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 19:04:00 - Fehler beim Herstellen der Internetverbindung.  19:04:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.03.2011 14:04:14 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 19:04:08 - Fehler beim Herstellen der Internetverbindung.  19:04:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.03.2011 12:47:14 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 17:47:13 - Fehler beim Herstellen der Internetverbindung.  17:47:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.03.2011 12:47:22 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 17:47:19 - Fehler beim Herstellen der Internetverbindung.  17:47:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2011 06:30:24 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 12:30:24 - Fehler beim Herstellen der Internetverbindung.  12:30:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.03.2011 06:30:46 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 12:30:30 - Fehler beim Herstellen der Internetverbindung.  12:30:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2011 11:43:52 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 17:43:51 - Fehler beim Herstellen der Internetverbindung.  17:43:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2011 11:44:02 | Computer Name = Benni-PC | Source = MCUpdate | ID = 0
Description = 17:43:57 - Fehler beim Herstellen der Internetverbindung.  17:43:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.03.2013 11:03:39 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Personal Firewall" ist vom Dienst "McAfee Firewall
 Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.03.2013 11:03:39 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall 
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.03.2013 11:03:39 | Computer Name = Benni-PC | Source = NetBT | ID = 4321
Description = Der Name "BENNI-PC       :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.03.2013 11:04:34 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 14.03.2013 11:04:34 | Computer Name = Benni-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.03.2013 11:04:34 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 14.03.2013 11:05:57 | Computer Name = Benni-PC | Source = NetBT | ID = 4321
Description = Der Name "BENNI-PC       :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.100  registriert werden. Der Computer mit IP-Adresse 192.168.2.101
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.03.2013 11:06:43 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 14.03.2013 11:06:59 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 14.03.2013 11:06:59 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >

--- --- ---

t'john · 14.03.2013, 19:16

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL

O3 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKU\S-1-5-21-2079826306-1531348956-2000433453-1000..\Run: [Akamai NetSession Interface] C:\Users\Benni\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
[2013.03.13 15:45:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\1705187.pad 
[2013.03.13 15:29:29 | 000,002,734 | ---- | M] () -- C:\ProgramData\1705187.js 
[2013.03.13 15:29:29 | 000,000,153 | ---- | M] () -- C:\ProgramData\1705187.reg 
[2013.03.13 15:29:29 | 000,000,060 | ---- | M] () -- C:\ProgramData\1705187.bat 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Benni\*.tmp
C:\Users\Benni\AppData\*.dll
C:\Users\Benni\AppData\*.exe
C:\Users\Benni\AppData\Local\Temp\*.exe
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt
Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

danach:

3. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Houston · 14.03.2013, 21:13

Hoffe mal, ich hab alles richtig gemacht

Malwarebytes hat schon beim ersten Scan keine Malware gefunden.
Ich starte jetzt den adwcleaner und schicke dann noch die Logs nach

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2079826306-1531348956-2000433453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2079826306-1531348956-2000433453-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Benni\AppData\Local\Akamai\netsession_win.exe moved successfully.
C:\ProgramData\1705187.pad moved successfully.
C:\ProgramData\1705187.js moved successfully.
C:\ProgramData\1705187.reg moved successfully.
C:\ProgramData\1705187.bat moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{46F4D124-20E5-4D12-BE52-EC177A7A4B42} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Benni\*.tmp not found.
File\Folder C:\Users\Benni\AppData\*.dll not found.
File\Folder C:\Users\Benni\AppData\*.exe not found.
C:\Users\Benni\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\GoogleUpdateSetup.exe709b95 moved successfully.
C:\Users\Benni\AppData\Local\Temp\GoogleUpdateSetup.exe1416a9b moved successfully.
C:\Users\Benni\AppData\Local\Temp\GoogleUpdateSetup.exe6fd42 moved successfully.
C:\Users\Benni\AppData\Local\Temp\jre1.3.offline.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\jre1.6.offline.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\Need for Speed Carbon_uninst.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\TubeBox_Setup.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\uninst.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\unwise.exe moved successfully.
C:\Users\Benni\AppData\Local\Temp\wpsetup.exe moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Benni\Desktop\cmd.bat deleted successfully.
C:\Users\Benni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Benni
->Temp folder emptied: 5137431074 bytes
->Temporary Internet Files folder emptied: 7652979386 bytes
->FireFox cache emptied: 1153053483 bytes
->Google Chrome cache emptied: 399284828 bytes
->Flash cache emptied: 223437 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 677770 bytes
->Temporary Internet Files folder emptied: 524083 bytes
->FireFox cache emptied: 18781918 bytes
->Flash cache emptied: 727 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 32348 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: TEMP.Benni-PC
->Temp folder emptied: 32799 bytes
->Temporary Internet Files folder emptied: 47126 bytes
 
User: TEMP.Benni-PC.000
->Temp folder emptied: 32348 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1245815354 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045936 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 14.920,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_194838

Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Benni\AppData\Local\Temp\~DF096F1644C0057FD7.TMP not found!
File\Folder C:\Users\Benni\AppData\Local\Temp\~DF6108E7B057F994D7.TMP not found!
File\Folder C:\Users\Benni\AppData\Local\Temp\~DF97FA190F40774066.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 14/03/2013 um 21:13:55 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Benni - BENNI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benni\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Benni\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\CT2653012
Ordner Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gelöscht : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\Smartbar
Ordner Gelöscht : C:\Users\Benni\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\xc7ekxex.default\prefs.js

Gelöscht : user_pref("CT2653012.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2653012.FirstTime", "true");
Gelöscht : user_pref("CT2653012.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2653012.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2653012.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Gelöscht : user_pref("CT2653012.UserID", "UN18367654550806622");
Gelöscht : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2653012.autoDisableScopes", -1);
Gelöscht : user_pref("CT2653012.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2653012.defaultSearch", "true");
Gelöscht : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2653012.enableAlerts", "false");
Gelöscht : user_pref("CT2653012.enableFix404ByUser", "TRUE");
Gelöscht : user_pref("CT2653012.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2653012.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2653012.fixPageNotFoundError", "false");
Gelöscht : user_pref("CT2653012.fixPageNotFoundErrorByUser", "false");
Gelöscht : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2653012.fixUrls", true);
Gelöscht : user_pref("CT2653012.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2653012.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2653012.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2653012.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2653012.isNewTabEnabled", false);
Gelöscht : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2653012.keyword", false);
Gelöscht : user_pref("CT2653012.lastVersion", "10.14.65.43");
Gelöscht : user_pref("CT2653012.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2653012.openThankYouPage", "false");
Gelöscht : user_pref("CT2653012.openUninstallPage", "true");
Gelöscht : user_pref("CT2653012.search.searchAppId", "129199665576658841");
Gelöscht : user_pref("CT2653012.search.searchCount", "2");
Gelöscht : user_pref("CT2653012.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2653012.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2653012.sendUsageEnabled", "false");
Gelöscht : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363093764447");
Gelöscht : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1356084457857");
Gelöscht : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1363285746999");
Gelöscht : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363026692015");
Gelöscht : user_pref("CT2653012.serviceLayer_services_location_lastUpdate", "1363285893733");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345553992631");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352724122772");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.10.6.6_lastUpdate", "1342443931995");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359306115575");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360784553894");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363290131095");
Gelöscht : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1352733021554");
Gelöscht : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363026691895");
Gelöscht : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1363285893772");
Gelöscht : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1363285893595");
Gelöscht : user_pref("CT2653012.serviceLayer_services_setupAPI_lastUpdate", "1363285893882");
Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363026692118");
Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1363285746868");
Gelöscht : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1363285893622");
Gelöscht : user_pref("CT2653012.settingsINI", true);
Gelöscht : user_pref("CT2653012.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2653012.smartbar.CTID", "CT2653012");
Gelöscht : user_pref("CT2653012.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2653012.smartbar.homepage", true);
Gelöscht : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
Gelöscht : user_pref("CT2653012.toolbarBornServerTime", "1-7-2012");
Gelöscht : user_pref("CT2653012.toolbarCurrentServerTime", "14-3-2013");
Gelöscht : user_pref("CT2653012.upgradeFromClearSBVersion", true);
Gelöscht : user_pref("CT2653012_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2653012&Se[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Veoh Web Player Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ct[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
Gelöscht : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2653012&SearchS[...]
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2653012&Sea[...]
Gelöscht : user_pref("smartbar.machineId", "YY6XPASXHB0VP5M2NZE1UGOU67SOQIPHWUPHUWXIQVHLBRDNW8FZL85G7NU4J2SEEJE[...]
Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://go.web.de/tb/mff_startpage");

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\p97emptz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Benni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [356 octets] - [14/03/2013 21:11:29]
AdwCleaner[S2].txt - [12291 octets] - [14/03/2013 21:13:55]

########## EOF - C:\AdwCleaner[S2].txt - [12352 octets] ##########

--- --- ---

t'john · 15.03.2013, 09:15

Zitat:

Hoffe mal, ich hab alles richtig gemacht

Nein, du hast schritt 2 weggelassen.

Zitat:

Malwarebytes hat schon beim ersten Scan keine Malware gefunden.

Also wenn du meine Anweisungen ignorieren moechtest, koennen wir an dieser stelle auch abbrechen.
Hast du ueberhaupt richig gelesen, womit du scannen solltest? Anscheinend nicht!

Houston · 15.03.2013, 12:38

Zitat:

Nein, du hast schritt 2 weggelassen.

Tut mir leid, wenn ich mich nicht klar ausgedrückt habe.
Ich habe Malwarebytes Anti-Rootkit (von mir fälschlich als Malwarebytes bezeichnet) heruntergeladen und mbar auf dem Desktop entpackt und gestartet, habe mein System scannen lassen. Das Program hat mir nach abgeschlossenem Scan angezeigt, dass mein System sauber ist und ein CleanUP nicht nötig ist.

14.03.2013 21:09:49
mbar-log-2013-03-14 (21-09-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31292
Time elapsed: 20 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

t'john · 15.03.2013, 13:53

gut!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

danach:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

danach:

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Houston · 15.03.2013, 14:58

Es gibt ein kleines Problem, habe aswMBR runtergeladen, die Avast downloads durchführen lassen und Scan gedrückt, allerdings hat sich mein Computer beim Systemcheck durch das Programm aufgehängt und nach einem Neustart ist jetzt der Scan-Button ausgeblendet, auch nach mehrmaligem Schließen und öffnen des Programms :/

t'john · 15.03.2013, 21:00

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

danach ab ESET weitermachen.

t'john · 30.04.2013, 18:29

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

GVU Malware

Plagegeister aller Art und deren Bekämpfung: GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

GVU Malware

Ähnliche Themen: GVU Malware

15.03.2013, 14:58	#9
Houston	GVU Malware Es gibt ein kleines Problem, habe aswMBR runtergeladen, die Avast downloads durchführen lassen und Scan gedrückt, allerdings hat sich mein Computer beim Systemcheck durch das Programm aufgehängt und nach einem Neustart ist jetzt der Scan-Button ausgeblendet, auch nach mehrmaligem Schließen und öffnen des Programms :/