Laptop sehr langsam/fährt nicht ordnungsgemäß hoch

Dan!el · 16.03.2013, 17:49

Hallo ihr,

leider schreibe ich hier nicht gerne rein, denn wenn ich mal reinschreibe, dann hab ich ein Problem.

Und zwar ist mein Laptop seit gestern extrem langsam, er fährt nicht richtig hoch und braucht bestimmt 30 Minuten um vollständig zu laufen.

Wenn ich mich auf meinem (von 3) Benutzerkonto anmelde, fährt er nicht richtig hoch - es ist kein Desktop zu sehen. Es erscheint ein schwarzer Bildschirm, auf dem der Mauszeiger zu sehen ist. Ich kann zwar "Strg+Alt+Entf" drücken um den Task-Manager zu starten, jedoch zeigt er weiterhin "schwarz".
Wenn ich mich auf einem anderen Konto anmelde, geht das schon besser, zwar dauert es auch ewig aber ich komm auf den Desktop. Komischerweise waren die beiden Virenscanner "Microsoft Security Essentials" und "Avira Anti Vir" beide deaktiviert.

Gestern habe ich per Microsoft Security Essentials einen Suchlauf gestartet, er hat den Virus trojan:win32/reveton gefunden, den ich dann auch gelöscht hab (hoffe, das war nicht falsch).
Außerdem kam mir im Task-Manager die Datei "apsdaemon.exe" komisch vor.
Nachdem ich den Virus gestern "gelöscht" hab, bin ich davon ausgegangen, dass der PC wieder einwandfrei läuft, das konnte ich heute morgen dann leider nicht bestätigen.

Nun wende ich mich an euch, da ich nicht mehr weiter weiß.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: LAPTOP [Administrator]

16.03.2013 11:49:39
MBAM-log-2013-03-16 (17-45-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 542528
Laufzeit: 4 Stunde(n), 32 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.

(Ende)

ich habe die bösartigen Dateien aus dem CODE nicht gelöscht, da es hier so in der Beschreibung stand.

wie gehe ich weiter vor?`

Herzlichen Dank schonmal an den fleißigen Helfer! :-))

aharonov · 16.03.2013, 17:52

Hallo Dan!el und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
- .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- .. installiere oder deinstalliere während der Bereinigung keine Software.
- .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).

Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
- Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
- Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.

Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.

Zitat:

wie gehe ich weiter vor?

So:

Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.

Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
Schliesse bitte alle anderen Programme.
Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Sollte sich ein Fenster mit folgender Warnung öffnen
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
dann klicke unbedingt auf No.
Entferne rechts den Haken bei:
- IAT/EAT
- Show all
Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
Starte den Scan mit einem Klick auf Scan.
Mache gar nichts am Computer, während der Scan läuft!
Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
Füge bitte den Inhalt des Logfiles hier in deine Thread ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.

Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Gmer
Logs von OTL

Dan!el · 16.03.2013, 20:30

danke für deine Antwort!

Schritt 1 und 2 habe ich schon einmal durchgeführt, der dritte Schritt ist gerade in Arbeit.

hier die log zu Schritt 2

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 20:00:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465,76GB
Running: eou05i9k.exe; Driver: C:\Users\*\AppData\Local\Temp\fwldapow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                 fffff96000163c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8             fffff96000163c08 3 bytes [C0, 06, 02]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1084:2596]                     000007fef65ebd88
Thread  C:\Windows\system32\svchost.exe [1084:3180]                     000007fef64a5124
Thread  C:\Windows\system32\svchost.exe [1084:1628]                     000007fef5ea5170
Thread  C:\Windows\System32\spoolsv.exe [1432:2524]                     000007fef56e10c8
Thread  C:\Windows\System32\spoolsv.exe [1432:2512]                     000007fef56a6144
Thread  C:\Windows\System32\spoolsv.exe [1432:2516]                     000007fef6735fd0
Thread  C:\Windows\System32\spoolsv.exe [1432:2036]                     000007fef5683438
Thread  C:\Windows\System32\spoolsv.exe [1432:2008]                     000007fef67363ec
Thread  C:\Windows\System32\spoolsv.exe [1432:2556]                     000007fef9335e5c
Thread  C:\Windows\System32\spoolsv.exe [1432:2552]                     000007fef5d65074
Thread  C:\Windows\System32\spoolsv.exe [1432:2620]                     0000000001bae0bc
Thread  C:\Windows\system32\svchost.exe [2380:3772]                     000007fef3a08470
Thread  C:\Windows\system32\svchost.exe [2380:3616]                     000007fef3a12418
Thread  C:\Windows\system32\svchost.exe [2380:1864]                     000007fef389f130
Thread  C:\Windows\system32\svchost.exe [2380:3764]                     000007fef3894734
Thread  C:\Windows\system32\svchost.exe [2380:3408]                     000007fef3894734
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2936:3816]  000007fefc2f2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2936:2804]  000007fef0bad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2936:3628]  000007fef0bad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2936:1272]  000007fef64a5124
Thread  C:\Windows\system32\wbem\wmiprvse.exe [3980:1664]               000007fef3911c20

---- EOF - GMER 2.1 ----
         
 --- --- ---

aharonov · 16.03.2013, 20:35

Ok, sobald die OTL Logs da sind, geht's weiter.

Dan!el · 17.03.2013, 05:56

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 16.03.2013 20:26:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop\Trojaner Forum Hilfe
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,66% Memory free
5,99 Gb Paging File | 3,97 Gb Available in Paging File | 66,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 235,58 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FB0214-D3A2-4CA2-8781-F0B782AEF260}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{22A1D674-AFA2-416D-8F70-48C9DC68E0CC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{257288E9-81EC-4DEC-92DB-E97AE0B2B1C8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FE9B4CD-39E9-4186-AEC7-4EE5EF2F9CC3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34713078-9A43-4390-A314-81AFCBCE3DAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5AB78091-D7D9-4771-B2FB-C3166764681A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5DF73E33-CF77-4F2D-AB87-DADA60F6B518}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77B0E907-2053-4E54-926C-E78725D89A76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{784AF628-D970-4D07-9486-CF2E59951353}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{877B51DC-E9B4-4EEA-ABD7-4240126044A1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89BB22EB-B1AF-4446-A30F-2460CD4124C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99D57EF5-0A24-48C2-AAE3-3C417A88F546}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A9882909-A59A-43EE-A5D0-5B7D21E91AC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ADD3FA61-828E-4CE3-93ED-9F4CA9433814}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2F82D09-AF52-4A8E-A2DA-F2F595BB272F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C3FD07AE-68B3-4FAC-A445-D34603E49F9F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C415DC0B-74B4-459F-BC35-85991018A085}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C44D9269-8A28-408E-87D9-EC6997F74BEE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA533A96-956D-4EB6-85C8-18A70967E89E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D862057E-9B90-406D-94F5-BDBD2CA2EFF7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D9183476-3A99-4722-BE65-11D31C1A57CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DC129EEE-2F16-419D-9FFA-3ECB9D52D14A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF12C00D-424A-4BBF-8142-12D6C73559DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E2EA8F1D-B9F7-4A21-8ACD-3BD45F173C34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F038DFD4-372A-4EE2-A717-C83DF19E9FEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3693AFB-E05F-464E-B65C-31D5DA368C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02999E52-EB9F-4828-A83C-608B8130FD47}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{042C3BF3-0316-4132-8998-EBA9344FE25B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{04C778C3-58A0-48F8-B462-1A2CAE304173}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{063CEC7F-6019-44D3-BD79-4B9D34A3B9D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BAEA813-19B4-4C3C-8670-14B5B516E405}" = protocol=6 | dir=out | app=system | 
"{0C648517-28A0-4BCE-A643-CE2626C890B7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{11870FA0-2C42-402B-A125-FC1832CA6E80}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{12BEB1D0-ECE1-4E17-B95B-BD497DD4EA91}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{12D70526-2CF9-451C-A96B-4AF3C43279DE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1925477B-CC9B-4DF5-9879-73F24A769B44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1C0C9954-2FF5-4741-AFEA-B47161024FCC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1D45C8E3-8702-46E4-AACB-916DE6EC0CEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2016C925-81EB-42A1-9A1C-8C29C7B8BC50}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{277B11A8-76A7-4870-ADE6-941AC2331327}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C9AAC6F-9096-42F7-87E6-F56AC2917A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2F504F07-8DF1-4995-8471-53E49D96D527}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{35A429CD-50D4-4107-82A0-EF5EC6AC0AAC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{40EB7E13-0771-48B0-8F0E-148FCA217F13}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{4678138B-0517-4EFC-B089-8BFFA5C15485}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49D645BC-9B87-4EA5-B3FC-A1689672F08E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A1E1A32-091C-4901-80DB-E7BC37696649}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{51825653-005D-4DF7-BB5C-B2A2B6994396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{53CCFD24-AE09-4B0F-BC76-C09EBD2FF487}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{549643FE-0109-462E-A672-13F9A5F74BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{55BC18F9-147C-4C26-972E-9D951D3EC922}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{58074702-EB24-4784-9A11-EE94BFA8B70E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67DBF5CB-D208-45F8-866D-626631E9668F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6A3C177B-FE0B-4154-906E-3C3682B98D79}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{818CFCF5-65FC-4A96-8604-A136DF39FDC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{89D88215-A125-40D9-BE7C-15A08D26529C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9071B9E0-1A2E-40CA-916F-59F83FC2CB38}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{97AB0F04-F2EA-4457-B480-5BE910610735}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9DD26D3B-6B3C-44E1-AE53-07914330CA57}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{A0D45E68-920E-4B31-8823-0AEA78D157A2}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B2E5759D-5825-4865-9A66-CAF514AF4091}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{B3016A3A-1211-4136-9B0C-4889136F3345}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5FF87E2-6460-4EB5-B274-1312DD765B9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7D45F91-FB64-446B-92BA-D719BF993336}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BAD85571-A4DD-42A2-AB9F-BD36C266BF0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD0B6D3F-D83A-4FF4-A3D4-F6A5014F5BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{BE5C150A-86C7-4C47-A3FE-526B1BF96DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{BFEEF65F-8B60-447D-8143-42A7CDD0E8FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C14B04CE-1D7E-4914-B82A-1CA70D5DA673}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C49020F8-E616-47B9-B17A-37B712409526}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{C7C93842-C9D4-435F-AC50-34C4310D8068}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CA0DD239-7ABD-41D8-8EB0-75BBEEF7B9BF}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{D542DB82-2DCF-47AC-B005-C04E59163723}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{D842435D-51EB-413A-A42D-B1C0C2C89C42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E8B89D91-51A6-486B-93AD-75B9E8C429BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF94C6CD-0A29-40F5-BC10-6A81E90FDCA4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{F190C4EA-9FB8-4AAA-BEB2-3581AC8DEED5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F720B372-7EAE-4309-BD7D-E7E032233905}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FBED394D-E239-4E6B-84C1-CD6CA106BD4D}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"TCP Query User{6AC02D8E-5ECE-4909-A848-E99442C0EC04}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{91075196-536F-4D48-B48F-082CEF6F132A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{F292FE47-E385-493E-B0BE-F907F9B59B62}C:\users\*\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{1BE761D5-EFF4-487F-A3CF-D1BA6EA5D5D5}C:\users\*\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{E7AB5C26-E709-469B-AF02-BB5BD4739D1E}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{F7F5EFA3-0374-4CA0-8477-B0E35E631251}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05A10D05-8389-4CA2-963A-CA7C08AC2BD8}" = iPhone-Konfigurationsprogramm
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4367BF53-8748-4122-8516-85E4375925AF}" = MixMeister CD-R Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A142E531-C598-4C74-895B-7EEACF0D571E}" = QuickShare
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA0157BF-CA0C-42A8-A228-90A231AA9964}" = Passware Kit Standard Demo 12.1
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"EA Installer.-1797597899" = EA Installer
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"EPSON Scanner" = EPSON Scan
"EPSON SX525WD Series Manual" = EPSON SX525WD Series Handbuch
"EPSON SX525WD Series Network Guide" = EPSON SX525WD Series Netzwerk-Handbuch
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Studio_is1" = Free Studio version 4.8
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 8.2" = Live 8.2
"Live 8.2.1" = Live 8.2.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MixMeister Fusion Video_is1" = MixMeister Fusion Video 7.0.8
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mp3tag" = Mp3tag v2.53
"NSS" = Norton Security Scan
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDF Editor 3" = PDF Editor 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1307843583-436666528-1061456165-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.03.2013 14:57:51 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1032508
 
Error - 16.03.2013 14:57:52 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.03.2013 14:57:52 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1033506
 
Error - 16.03.2013 14:57:52 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1033506
 
Error - 16.03.2013 14:57:53 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.03.2013 14:57:53 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1034505
 
Error - 16.03.2013 14:57:53 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1034505
 
Error - 16.03.2013 14:57:54 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.03.2013 14:57:54 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1035519
 
Error - 16.03.2013 14:57:54 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1035519
 
[ Media Center Events ]
Error - 28.03.2012 11:49:27 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 17:49:27 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 28.03.2012 11:49:40 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 17:49:32 - Fehler beim Herstellen der Internetverbindung.  17:49:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.03.2013 15:11:41 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 16.03.2013 15:11:54 | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
 
Error - 16.03.2013 15:11:54 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 16.03.2013 15:12:11 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst UxSms erreicht.
 
Error - 16.03.2013 15:12:41 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 16.03.2013 15:13:11 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AudioEndpointBuilder erreicht.
 
Error - 16.03.2013 15:13:41 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 16.03.2013 15:14:11 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst UxSms erreicht.
 
Error - 16.03.2013 15:14:41 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 16.03.2013 15:15:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AudioEndpointBuilder erreicht.
 
 
< End of report >

LOG.txt

Code:

ATTFilter

OTL logfile created on: 16.03.2013 20:26:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop\Trojaner Forum Hilfe
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,66% Memory free
5,99 Gb Paging File | 3,97 Gb Available in Paging File | 66,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 235,58 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.16 20:25:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\Trojaner Forum Hilfe\OTL.exe
PRC - [2013.02.04 17:10:10 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\*\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 16:01:53 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:35:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:35:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.08 22:35:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.27 21:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.24 13:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 23:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013.02.20 12:57:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.20 12:57:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.04 17:10:10 | 000,023,040 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.02.04 17:10:08 | 000,036,864 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.02.04 17:10:06 | 001,575,424 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.02.04 17:10:06 | 000,007,680 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.02.04 17:07:02 | 000,650,240 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.02.04 17:06:58 | 000,040,960 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.02.04 17:06:56 | 000,051,200 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.02.04 17:06:56 | 000,044,032 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.02.04 17:06:54 | 000,073,728 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.02.04 17:06:52 | 000,062,976 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.02.04 17:06:52 | 000,018,944 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.02.04 17:06:52 | 000,013,312 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.02.04 17:06:52 | 000,006,144 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.02.04 17:06:50 | 000,012,800 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.02.04 17:06:50 | 000,007,168 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.02.04 17:06:48 | 000,012,288 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.02.04 17:06:48 | 000,009,728 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.02.04 17:06:48 | 000,007,168 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.02.04 17:06:46 | 000,074,752 | ---- | M] () -- C:\Users\*\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.01.11 10:26:40 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013.01.11 10:26:32 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.01.10 16:22:59 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.01.10 15:13:18 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 15:13:15 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.10 15:13:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.10 15:12:38 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 15:12:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 15:12:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 15:12:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 15:12:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.05 02:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.10.20 00:41:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.13 19:16:05 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 22:35:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:35:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.08 22:35:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 22:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.08 22:35:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:35:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.14 15:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.11 05:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.27 08:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.24 04:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.03.28 16:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=hp&installDate=01/01/1970"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@stumbleupon.com:3.97.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {75c879d7-a273-4485-ac9a-0dca2a627594}:1.1
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&installDate=01/01/1970&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.22 11:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 18:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.26 10:01:40 | 000,000,000 | ---D | M]
 
[2010.09.15 16:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013.03.05 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions
[2013.03.05 18:22:30 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{75c879d7-a273-4485-ac9a-0dca2a627594}
[2011.05.17 18:00:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.01.11 10:26:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.05 18:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\staged
[2012.01.19 12:18:22 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\toolbar@stumbleupon.com
[2012.01.19 22:04:32 | 000,002,342 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icq-search.xml
[2011.05.17 18:00:07 | 000,000,168 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.gif
[2011.05.17 18:00:07 | 000,000,618 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.src
[2013.03.05 18:22:34 | 000,022,903 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\Web Search.xml
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 10:11:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.19 20:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 18:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.12 18:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 21:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.10.07 16:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.20 13:33:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.01.22 11:32:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.01.19 22:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 22:04:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.19 22:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.19 22:04:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.19 22:04:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.msn.com/
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f\u00FCr BlackBerry App World\npappworld.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: QuickShare Widget = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: YouTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: preisspion.de = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\
CHR - Extension: vshare plugin = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Skype Click to Call = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AT_Delbuck = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: StumbleUpon = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\
CHR - Extension: Google Mail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-1307843583-436666528-1061456165-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004..\Run: [Browser Infrastructure Helper] C:\Users\*\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004..\Run: [Epson Stylus SX525WD(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S7B37.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B504F3-FA01-4A74-AFEB-DF136A74AE03}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2cac9685-83b5-11e1-83af-00269eeb2d9b}\Shell - "" = AutoRun
O33 - MountPoints2\{2cac9685-83b5-11e1-83af-00269eeb2d9b}\Shell\AutoRun\command - "" = E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Trojaner Forum Hilfe
[2013.03.16 11:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2013.03.16 11:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 11:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 11:48:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.16 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.16 11:47:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Programs
[2013.03.13 23:50:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 23:50:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 23:50:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 23:49:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 23:49:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 23:49:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 23:49:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 23:49:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 23:49:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 23:49:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 23:49:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 23:49:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 23:49:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 23:49:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 23:49:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.05 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2013.02.27 23:18:34 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 23:18:33 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 23:18:33 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 23:18:33 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 23:18:17 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 23:18:17 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 23:18:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 23:18:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 23:18:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 23:18:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 23:18:02 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 23:18:02 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 23:18:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 23:18:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 23:18:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 23:18:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 23:18:01 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 23:18:01 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 23:18:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 23:18:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 23:18:00 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 23:18:00 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 23:18:00 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 23:18:00 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 23:18:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 23:18:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 23:18:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 23:18:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 23:17:59 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 23:17:59 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 23:17:59 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 23:17:59 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 23:17:58 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 23:17:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 23:17:58 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 23:17:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 23:17:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 23:17:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 23:17:56 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 23:17:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 23:17:56 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.20 12:59:40 | 000,000,000 | ---D | C] -- C:\d18245c7fc465f55ff77
[2013.02.17 23:40:13 | 000,000,000 | ---D | C] -- C:\73d1b77da1fb5acec3969832
[2013.02.15 15:01:31 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013.02.15 15:01:31 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013.02.15 15:01:31 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.17 19:59:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF099.dll
[2009.10.20 00:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.16 20:24:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 20:24:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 20:15:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.16 20:15:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.16 20:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 20:06:22 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 19:58:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004UA.job
[2013.03.16 19:58:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.16 17:57:38 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2013.03.16 12:45:56 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004Core.job
[2013.03.13 19:16:05 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 19:16:05 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.11 16:37:04 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for *.job
[2013.03.07 11:30:14 | 000,721,552 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.07 11:30:14 | 000,671,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.07 11:30:14 | 000,159,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.07 11:30:14 | 000,128,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 11:30:13 | 001,675,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 12:59:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.19 23:55:41 | 000,419,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 14:47:42 | 363,793,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.03.16 17:57:38 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2012.09.13 20:58:16 | 000,000,846 | ---- | C] () -- C:\Users\*\.recently-used.xbel
[2012.04.11 10:21:20 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.02.04 18:41:07 | 000,088,692 | ---- | C] () -- C:\Users\*\deep.mmp
[2011.11.04 12:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.10.19 19:21:10 | 000,001,073 | ---- | C] () -- C:\Windows\wininit.ini
[2011.09.28 17:15:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.27 12:55:00 | 000,015,090 | -HS- | C] () -- C:\Users\*\Folder.jpg
[2010.12.27 12:55:00 | 000,004,679 | -HS- | C] () -- C:\Users\*\AlbumArtSmall.jpg
[2010.12.24 13:15:57 | 000,041,116 | ---- | C] () -- C:\Users\*\frohe.jpg
[2010.08.15 19:25:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.12 11:47:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

aharonov · 17.03.2013, 12:30

Hallo,

machen wir weiter.
Bei dir laufen zwei Antivirenprogramme, das kann schon mal ein Grund für ein verlangsamtes System sein:

Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:

Avira Free Antivirus

Microsoft Security Essentials

Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall CCleaner.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von Combofix
Log von OTL

Dan!el · 17.03.2013, 16:28

Zitat:

Zitat von aharonov

Hallo,

machen wir weiter.
Bei dir laufen zwei Antivirenprogramme, das kann schon mal ein Grund für ein verlangsamtes System sein:

Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:

Avira Free Antivirus

Microsoft Security Essentials

Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).

[lesestoff]Hinweis: Registry Cleaner

welches sollte ich deiner Meinung nach deinstallieren?

aharonov · 17.03.2013, 16:36

Zitat:

welches sollte ich deiner Meinung nach deinstallieren?

Das spielt keine grosse Rolle. Behalte einfach dasjenige, welches dir besser passt.

Dan!el · 17.03.2013, 17:15

AdwCleaner.txt

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 17/03/2013 um 17:03:07 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : * - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*\Desktop\Trojaner Forum Hilfe\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\*\AppData\Local\Mozilla Firefox\.autoreg
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Mein Gutscheincode Finder
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\*\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\*\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\*\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\*\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\*\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\*\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\*\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\*\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\extensions\staged
Ordner Gelöscht : C:\Users\*\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\*\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\*\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\*\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\*\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-a273-4485-ac9a-0dca2a627594&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.24 (de)

Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&use[...]
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1362503865);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "take%20care||facebook||php%20online||moodle%20fh%20gelsenkirchen||d[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1310661044");
Gelöscht : user_pref("icqtoolbar.newtab_state", "0");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.24");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "129518876912951889261301183086781");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1362503870);
Gelöscht : user_pref("icqtoolbar.version", "1.1.9");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75c879d7-[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=75[...]

Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\9jqihf4l.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14803 octets] - [17/03/2013 17:03:07]

########## EOF - C:\AdwCleaner[S1].txt - [14864 octets] ##########

btw // ich habe Avira deinstalliert, und als ich schonmal beim Deinstallieren war, habe ich die alte ICQ Toolbar gleich mit rausgeschmissen.

weiteres folgt..

Combofix.txt

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-03-17.01 - * 17.03.2013  17:24:36.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3067.2113 [GMT 1:00]
ausgeführt von:: c:\users\*\Desktop\Trojaner Forum Hilfe\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\hpeF099.dll
c:\users\*\AppData\Roaming\.#
c:\users\*\600_b047_multilanguage.exe
c:\users\*\AppData\Roaming\.#
c:\users\*\AppData\Roaming\.#\MBX@B90@1F92770.###
c:\users\*\AppData\Roaming\.#\MBX@B90@1F927A0.###
c:\users\*\FileZilla_3.3.4.1_win32-setup.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-17 bis 2013-03-17  ))))))))))))))))))))))))))))))
.
.
2013-03-17 16:38 . 2013-03-17 16:38	--------	d-----w-	c:\users\*\AppData\Local\temp
2013-03-17 16:38 . 2013-03-17 16:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-17 16:38 . 2013-03-17 16:38	--------	d-----w-	c:\users\*\AppData\Local\temp
2013-03-17 04:55 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C07EDA0E-2ACE-4174-95FD-B0E54FC35AD9}\mpengine.dll
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-16 10:48 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-16 10:47 . 2013-03-16 10:47	--------	d-----w-	c:\users\*\AppData\Local\Programs
2013-03-15 14:37 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 22:50 . 2013-02-02 06:38	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-03-13 22:50 . 2013-02-02 03:23	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-03-13 22:50 . 2013-02-02 07:37	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-03-13 22:50 . 2013-02-02 06:38	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-13 22:50 . 2013-02-02 04:19	149552	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-03-13 22:50 . 2013-02-02 06:44	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-03-13 22:50 . 2013-02-02 03:27	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-03-13 22:50 . 2013-02-02 03:26	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-12 12:10 . 2012-11-28 15:57	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3310FC2-5C7D-4005-A862-A521CD31109F}\gapaengine.dll
2013-03-05 17:18 . 2013-03-05 17:18	--------	d-----w-	c:\users\*\AppData\Local\Macromedia
2013-02-27 22:17 . 2013-01-13 20:20	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-02-20 11:59 . 2013-02-20 11:59	--------	d-----w-	C:\d18245c7fc465f55ff77
2013-02-17 22:40 . 2013-02-17 22:40	--------	d-----w-	C:\73d1b77da1fb5acec3969832
2013-02-17 22:39 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 22:39 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 22:53 . 2010-10-12 15:53	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 18:16 . 2013-02-06 21:07	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 18:16 . 2011-06-14 16:06	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 12:11	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:11	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:11	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 12:11	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 12:11	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:11	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-08-30 15:13	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2010-10-24 20:25	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-15 15:56 . 2012-10-07 15:24	477616	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2010-08-22 13:58	473520	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-05 05:53 . 2013-02-14 17:13	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 17:13	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 17:13	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 17:13	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 17:13	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 17:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 17:13	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 17:13	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 17:13	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 17:13	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 17:13	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 17:12	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 17:12	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59	269824	----a-w-	c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-23 28792168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-20 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bexkjfpx;bexkjfpx;c:\windows\system32\drivers\bexkjfpx.sys [x]
R1 lwthqdqs;lwthqdqs;c:\windows\system32\drivers\lwthqdqs.sys [x]
R1 ooxnvdyi;ooxnvdyi;c:\windows\system32\drivers\ooxnvdyi.sys [x]
R1 rflcqgsr;rflcqgsr;c:\windows\system32\drivers\rflcqgsr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2011-11-22 18432]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 18:16]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 08:43]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 08:43]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 11:49]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 11:49]
.
2013-03-11 c:\windows\Tasks\Norton Security Scan for *.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-15 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-vShare.tv plugin - c:\program files (x86)\vShare.tv plugin\uninst.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-17  17:43:00
ComboFix-quarantined-files.txt  2013-03-17 16:42
.
Vor Suchlauf: 19 Verzeichnis(se), 253.825.798.144 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 257.264.074.752 Bytes frei
.
- - End Of File - - FBCE79180A6077FE19DE754676958350
         
 --- --- ---

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.03.2013 17:52:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop\Trojaner Forum Hilfe
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,12% Memory free
5,99 Gb Paging File | 4,13 Gb Available in Paging File | 68,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 239,57 Gb Free Space | 52,81% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.16 20:25:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\Trojaner Forum Hilfe\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.24 13:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.13 19:16:05 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Stopped] -- C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 22:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.14 15:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.11 05:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.27 08:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.24 04:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.03.28 16:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@stumbleupon.com:3.97.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {75c879d7-a273-4485-ac9a-0dca2a627594}:1.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.22 11:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 18:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.17 17:03:37 | 000,000,000 | ---D | M]
 
[2010.09.15 16:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013.03.17 17:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions
[2013.03.05 18:22:30 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{75c879d7-a273-4485-ac9a-0dca2a627594}
[2013.01.11 10:26:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.19 12:18:22 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\toolbar@stumbleupon.com
[2012.01.19 22:04:32 | 000,002,342 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icq-search.xml
[2011.05.17 18:00:07 | 000,000,168 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.gif
[2011.05.17 18:00:07 | 000,000,618 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.src
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 10:11:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.19 20:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 18:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.12 18:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 21:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.10.07 16:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.20 13:33:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.01.22 11:32:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99H1N0KY.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2012.01.19 22:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 22:04:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.19 22:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.19 22:04:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.19 22:04:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.msn.com/
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f\u00FCr BlackBerry App World\npappworld.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AT_Delbuck = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: StumbleUpon = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\
CHR - Extension: Google Mail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.03.17 17:39:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B504F3-FA01-4A74-AFEB-DF136A74AE03}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 17:43:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.17 17:21:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.17 17:21:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.17 17:21:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.17 17:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.17 17:20:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.16 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Trojaner Forum Hilfe
[2013.03.16 11:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2013.03.16 11:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 11:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 11:48:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.16 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.16 11:47:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Programs
[2013.03.05 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2013.02.20 12:59:40 | 000,000,000 | ---D | C] -- C:\d18245c7fc465f55ff77
[2013.02.17 23:40:13 | 000,000,000 | ---D | C] -- C:\73d1b77da1fb5acec3969832
[2009.10.20 00:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 17:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.17 17:42:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004UA.job
[2013.03.17 17:39:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.17 17:14:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 17:14:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 17:14:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 17:06:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 17:06:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 17:06:17 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 16:19:53 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004Core.job
[2013.03.16 17:57:38 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2013.03.11 16:37:04 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for *.job
[2013.03.07 11:30:14 | 000,721,552 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.07 11:30:14 | 000,671,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.07 11:30:14 | 000,159,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.07 11:30:14 | 000,128,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 11:30:13 | 001,675,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 12:59:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.19 23:55:41 | 000,419,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.17 17:21:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 17:21:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 17:21:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 17:21:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 17:21:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 17:57:38 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2012.09.13 20:58:16 | 000,000,846 | ---- | C] () -- C:\Users\*\.recently-used.xbel
[2012.04.11 10:21:20 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.02.04 18:41:07 | 000,088,692 | ---- | C] () -- C:\Users\*\deep.mmp
[2011.11.04 12:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.28 17:15:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.27 12:55:00 | 000,015,090 | -HS- | C] () -- C:\Users\*\Folder.jpg
[2010.12.27 12:55:00 | 000,004,679 | -HS- | C] () -- C:\Users\*\AlbumArtSmall.jpg
[2010.12.24 13:15:57 | 000,041,116 | ---- | C] () -- C:\Users\*\frohe.jpg
[2010.08.15 19:25:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.12 11:47:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.22 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ableton
[2013.03.04 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Audacity
[2012.04.11 10:21:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CAD-KAS
[2011.01.20 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2013.03.17 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2013.01.11 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.11.04 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
[2011.12.31 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2012.06.11 22:04:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0
[2013.02.14 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2011.06.14 17:08:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQLite
[2011.12.25 15:27:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InterVideo
[2012.12.09 00:50:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mp3tag
[2012.03.12 14:36:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Product_RM
[2013.01.22 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Research In Motion
[2013.03.15 23:31:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
[2010.08.10 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2011.08.27 22:27:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2011.06.14 11:01:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQLite
[2010.08.12 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InterVideo
[2011.11.23 23:41:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

[/HTML]

aharonov · 17.03.2013, 19:01

Hallo,

dann so weiter:

Schritt 1

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschliesslich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link.
Speichere es erneut auf den Desktop (wichtig!).
Drücke die {Windows} + R Taste, schreibe notepad in das Ausführen Fenster und drücke OK.

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Driver::
bexkjfpx
lwthqdqs
ooxnvdyi
rflcqgsr

File::
c:\windows\system32\drivers\bexkjfpx.sys
c:\windows\system32\drivers\lwthqdqs.sys
c:\windows\system32\drivers\ooxnvdyi.sys
c:\windows\system32\drivers\rflcqgsr.sys

ADS::
C:\ProgramData\TEMP

DirLook::
C:\d18245c7fc465f55ff77
C:\73d1b77da1fb5acec3969832

Speichere dies als CFScript.txt auf deinen Desktop.
Wichtig: Stelle deine Antiviren-Software temporär ab. Diese kann ComboFix bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Schliesse alle anderen laufenden Programme, damit ComboFix ungehindert arbeiten kann.
Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Wenn ComboFix fertig ist, wird es ein Log erstellen (C:\ComboFix.txt).
Bitte füge den Inhalt dieses Logs in deine Antwort ein.

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Combofix
Log von OTL

Dan!el · 17.03.2013, 20:31

ComboFix.txt

Code:

ATTFilter

ComboFix 13-03-17.01 - * 17.03.2013  19:25:44.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3067.1656 [GMT 1:00]
ausgeführt von:: c:\users\*\Desktop\Trojaner Forum Hilfe\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\*\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\bexkjfpx.sys"
"c:\windows\system32\drivers\lwthqdqs.sys"
"c:\windows\system32\drivers\ooxnvdyi.sys"
"c:\windows\system32\drivers\rflcqgsr.sys"
.
 ADS - TEMP: deleted 363 bytes in 3 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bexkjfpx
-------\Service_lwthqdqs
-------\Service_ooxnvdyi
-------\Service_rflcqgsr
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-17 bis 2013-03-17  ))))))))))))))))))))))))))))))
.
.
2013-03-17 18:37 . 2013-03-17 18:37	--------	d-----w-	c:\users\*\AppData\Local\temp
2013-03-17 18:37 . 2013-03-17 18:37	--------	d-----w-	c:\users\*\AppData\Local\temp
2013-03-17 04:55 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C07EDA0E-2ACE-4174-95FD-B0E54FC35AD9}\mpengine.dll
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-16 10:48 . 2013-03-16 10:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-16 10:48 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-16 10:47 . 2013-03-16 10:47	--------	d-----w-	c:\users\*\AppData\Local\Programs
2013-03-15 14:37 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 22:50 . 2013-02-02 06:38	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-03-13 22:50 . 2013-02-02 03:23	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-03-13 22:50 . 2013-02-02 07:37	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-03-13 22:50 . 2013-02-02 06:38	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-13 22:50 . 2013-02-02 04:19	149552	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-03-13 22:50 . 2013-02-02 06:44	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-03-13 22:50 . 2013-02-02 03:27	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-03-13 22:50 . 2013-02-02 03:26	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-12 12:10 . 2012-11-28 15:57	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3310FC2-5C7D-4005-A862-A521CD31109F}\gapaengine.dll
2013-03-05 17:18 . 2013-03-05 17:18	--------	d-----w-	c:\users\*\AppData\Local\Macromedia
2013-02-27 22:17 . 2013-01-13 20:20	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-02-20 11:59 . 2013-02-20 11:59	--------	d-----w-	C:\d18245c7fc465f55ff77
2013-02-17 22:40 . 2013-02-17 22:40	--------	d-----w-	C:\73d1b77da1fb5acec3969832
2013-02-17 22:39 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 22:39 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 22:53 . 2010-10-12 15:53	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 18:16 . 2013-02-06 21:07	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 18:16 . 2011-06-14 16:06	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 12:11	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:11	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:11	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 12:11	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 12:11	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:11	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-08-30 15:13	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2010-10-24 20:25	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-15 15:56 . 2012-10-07 15:24	477616	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2010-08-22 13:58	473520	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-05 05:53 . 2013-02-14 17:13	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 17:13	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 17:13	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 17:13	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 17:13	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 17:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 17:13	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 17:13	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 17:13	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 17:13	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 17:13	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 17:12	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 17:12	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\73d1b77da1fb5acec3969832 ----
.
2013-02-17 22:40 . 2013-02-17 22:40	788	---ha-w-	c:\73d1b77da1fb5acec3969832\$shtdwn$.req
2012-12-06 15:59 . 2012-12-06 15:59	36670	----a-w-	c:\73d1b77da1fb5acec3969832\1055\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	28184	----a-w-	c:\73d1b77da1fb5acec3969832\2052\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37886	----a-w-	c:\73d1b77da1fb5acec3969832\2070\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37704	----a-w-	c:\73d1b77da1fb5acec3969832\3082\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	31432	----a-w-	c:\73d1b77da1fb5acec3969832\1041\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	30484	----a-w-	c:\73d1b77da1fb5acec3969832\1042\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37352	----a-w-	c:\73d1b77da1fb5acec3969832\1043\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37016	----a-w-	c:\73d1b77da1fb5acec3969832\1044\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37728	----a-w-	c:\73d1b77da1fb5acec3969832\1045\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37140	----a-w-	c:\73d1b77da1fb5acec3969832\1046\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	38052	----a-w-	c:\73d1b77da1fb5acec3969832\1049\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	36404	----a-w-	c:\73d1b77da1fb5acec3969832\1053\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	36432	----a-w-	c:\73d1b77da1fb5acec3969832\1030\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	38458	----a-w-	c:\73d1b77da1fb5acec3969832\1031\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	39418	----a-w-	c:\73d1b77da1fb5acec3969832\1032\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	36394	----a-w-	c:\73d1b77da1fb5acec3969832\1035\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	38234	----a-w-	c:\73d1b77da1fb5acec3969832\1036\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	33278	----a-w-	c:\73d1b77da1fb5acec3969832\1037\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	38212	----a-w-	c:\73d1b77da1fb5acec3969832\1038\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37554	----a-w-	c:\73d1b77da1fb5acec3969832\1040\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	34442	----a-w-	c:\73d1b77da1fb5acec3969832\1025\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	28212	----a-w-	c:\73d1b77da1fb5acec3969832\1028\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	37222	----a-w-	c:\73d1b77da1fb5acec3969832\1029\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	28212	----a-w-	c:\73d1b77da1fb5acec3969832\3076\LocalizedData.xml
2012-12-06 15:59 . 2012-12-06 15:59	27652	----a-w-	c:\73d1b77da1fb5acec3969832\ParameterInfo.xml
2012-12-06 15:56 . 2012-12-06 15:56	3725312	----a-w-	c:\73d1b77da1fb5acec3969832\NDP40-KB2789642.msp
2012-12-06 15:32 . 2012-12-06 15:32	128333	----a-w-	c:\73d1b77da1fb5acec3969832\1028\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	101146	----a-w-	c:\73d1b77da1fb5acec3969832\1029\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	109464	----a-w-	c:\73d1b77da1fb5acec3969832\1030\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	91719	----a-w-	c:\73d1b77da1fb5acec3969832\1031\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	102048	----a-w-	c:\73d1b77da1fb5acec3969832\1032\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	138595	----a-w-	c:\73d1b77da1fb5acec3969832\1033\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	111176	----a-w-	c:\73d1b77da1fb5acec3969832\1035\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	133172	----a-w-	c:\73d1b77da1fb5acec3969832\1036\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	125351	----a-w-	c:\73d1b77da1fb5acec3969832\1037\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	110879	----a-w-	c:\73d1b77da1fb5acec3969832\1038\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	124974	----a-w-	c:\73d1b77da1fb5acec3969832\1040\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	111958	----a-w-	c:\73d1b77da1fb5acec3969832\1041\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	149503	----a-w-	c:\73d1b77da1fb5acec3969832\1042\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	35285	----a-w-	c:\73d1b77da1fb5acec3969832\1043\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	36083	----a-w-	c:\73d1b77da1fb5acec3969832\1044\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	126541	----a-w-	c:\73d1b77da1fb5acec3969832\1045\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	109574	----a-w-	c:\73d1b77da1fb5acec3969832\1046\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	49319	----a-w-	c:\73d1b77da1fb5acec3969832\1049\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	125073	----a-w-	c:\73d1b77da1fb5acec3969832\1053\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	112947	----a-w-	c:\73d1b77da1fb5acec3969832\1055\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	110754	----a-w-	c:\73d1b77da1fb5acec3969832\2052\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	125196	----a-w-	c:\73d1b77da1fb5acec3969832\2070\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	2060	----a-w-	c:\73d1b77da1fb5acec3969832\3076\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	108174	----a-w-	c:\73d1b77da1fb5acec3969832\3082\eula.rtf
2012-12-06 15:32 . 2012-12-06 15:32	3628	----a-w-	c:\73d1b77da1fb5acec3969832\header.bmp
2012-12-06 15:32 . 2012-12-06 15:32	196662	----a-w-	c:\73d1b77da1fb5acec3969832\SplashScreen.bmp
2012-12-06 15:32 . 2012-12-06 15:32	14084	----a-w-	c:\73d1b77da1fb5acec3969832\Strings.xml
2012-12-06 15:32 . 2012-12-06 15:32	36180	----a-w-	c:\73d1b77da1fb5acec3969832\UiInfo.xml
2012-12-06 15:32 . 2012-12-06 15:32	104072	----a-w-	c:\73d1b77da1fb5acec3969832\watermark.bmp
2012-12-06 15:32 . 2012-12-06 15:32	123035	----a-w-	c:\73d1b77da1fb5acec3969832\1025\eula.rtf
2012-12-05 15:21 . 2012-12-05 15:21	36194	----a-w-	c:\73d1b77da1fb5acec3969832\1033\LocalizedData.xml
2012-12-05 14:32 . 2012-12-05 14:32	14400	----a-w-	c:\73d1b77da1fb5acec3969832\2052\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19008	----a-w-	c:\73d1b77da1fb5acec3969832\2070\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19008	----a-w-	c:\73d1b77da1fb5acec3969832\3082\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19008	----a-w-	c:\73d1b77da1fb5acec3969832\1049\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	17984	----a-w-	c:\73d1b77da1fb5acec3969832\1053\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	17984	----a-w-	c:\73d1b77da1fb5acec3969832\1055\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18496	----a-w-	c:\73d1b77da1fb5acec3969832\1046\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19520	----a-w-	c:\73d1b77da1fb5acec3969832\1043\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18000	----a-w-	c:\73d1b77da1fb5acec3969832\1044\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18512	----a-w-	c:\73d1b77da1fb5acec3969832\1045\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	15936	----a-w-	c:\73d1b77da1fb5acec3969832\1041\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	15424	----a-w-	c:\73d1b77da1fb5acec3969832\1042\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19024	----a-w-	c:\73d1b77da1fb5acec3969832\1038\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18512	----a-w-	c:\73d1b77da1fb5acec3969832\1040\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	16976	----a-w-	c:\73d1b77da1fb5acec3969832\1037\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	17488	----a-w-	c:\73d1b77da1fb5acec3969832\1033\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18512	----a-w-	c:\73d1b77da1fb5acec3969832\1035\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19024	----a-w-	c:\73d1b77da1fb5acec3969832\1036\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19008	----a-w-	c:\73d1b77da1fb5acec3969832\1031\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	19536	----a-w-	c:\73d1b77da1fb5acec3969832\1032\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18496	----a-w-	c:\73d1b77da1fb5acec3969832\1029\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	18512	----a-w-	c:\73d1b77da1fb5acec3969832\1030\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	14416	----a-w-	c:\73d1b77da1fb5acec3969832\1028\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	14416	----a-w-	c:\73d1b77da1fb5acec3969832\3076\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	296496	----a-w-	c:\73d1b77da1fb5acec3969832\SetupUi.dll
2012-12-05 14:32 . 2012-12-05 14:32	17472	----a-w-	c:\73d1b77da1fb5acec3969832\1025\SetupResources.dll
2012-12-05 14:32 . 2012-12-05 14:32	810552	----a-w-	c:\73d1b77da1fb5acec3969832\SetupEngine.dll
2012-12-05 14:32 . 2012-12-05 14:32	78888	----a-w-	c:\73d1b77da1fb5acec3969832\Setup.exe
2012-12-05 14:19 . 2012-12-05 14:19	16118	----a-w-	c:\73d1b77da1fb5acec3969832\DHtmlHeader.html
2012-12-05 14:19 . 2012-12-05 14:19	30120	----a-w-	c:\73d1b77da1fb5acec3969832\SetupUi.xsd
2012-12-05 14:19 . 2012-12-05 14:19	196416	----a-w-	c:\73d1b77da1fb5acec3969832\sqmapi.dll
2012-12-05 14:19 . 2012-12-05 14:19	99896	----a-w-	c:\73d1b77da1fb5acec3969832\SetupUtility.exe
2012-12-05 14:16 . 2012-12-05 14:16	1150	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Print.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate1.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate2.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate3.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate4.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate5.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate6.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate7.ico
2012-12-05 14:16 . 2012-12-05 14:16	894	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Rotate8.ico
2012-12-05 14:16 . 2012-12-05 14:16	1150	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Save.ico
2012-12-05 14:16 . 2012-12-05 14:16	36710	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\Setup.ico
2012-12-05 14:16 . 2012-12-05 14:16	10134	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\stop.ico
2012-12-05 14:16 . 2012-12-05 14:16	1150	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\SysReqMet.ico
2012-12-05 14:16 . 2012-12-05 14:16	1150	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\SysReqNotMet.ico
2012-12-05 14:16 . 2012-12-05 14:16	10134	----a-w-	c:\73d1b77da1fb5acec3969832\Graphics\warn.ico
.
---- Directory of C:\d18245c7fc465f55ff77 ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59	269824	----a-w-	c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-23 28792168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-20 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 StumbleUponUpdater;StumbleUpon Updater;c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2011-11-22 18432]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 18:16]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 08:43]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 08:43]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 11:49]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 11:49]
.
2013-03-11 c:\windows\Tasks\Norton Security Scan for *.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-15 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\99h1n0ky.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-vShare.tv plugin - c:\program files (x86)\vShare.tv plugin\uninst.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-17  19:58:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-17 18:58
ComboFix2.txt  2013-03-17 16:43
.
Vor Suchlauf: 24 Verzeichnis(se), 257.514.557.440 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 257.270.173.696 Bytes frei
.
- - End Of File - - 0921D29CDC56E5D049FFB3BA054E01AC

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.03.2013 20:07:02 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop\Trojaner Forum Hilfe
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 55,96% Memory free
5,99 Gb Paging File | 4,45 Gb Available in Paging File | 74,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 239,70 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.16 20:25:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\Trojaner Forum Hilfe\OTL.exe
PRC - [2013.01.23 02:03:02 | 028,792,168 | ---- | M] (Dropbox, Inc.) -- C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.24 13:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 23:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.13 19:16:05 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 22:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.14 15:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.11 05:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.27 08:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.24 04:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.03.28 16:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360810x106l0433z115i5491u37p
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE392DE392
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@stumbleupon.com:3.97.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {75c879d7-a273-4485-ac9a-0dca2a627594}:1.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.22 11:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 18:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.17 17:03:37 | 000,000,000 | ---D | M]
 
[2010.09.15 16:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013.03.17 17:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions
[2013.03.05 18:22:30 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{75c879d7-a273-4485-ac9a-0dca2a627594}
[2013.01.11 10:26:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.19 12:18:22 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\99h1n0ky.default\extensions\toolbar@stumbleupon.com
[2012.01.19 22:04:32 | 000,002,342 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icq-search.xml
[2011.05.17 18:00:07 | 000,000,168 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.gif
[2011.05.17 18:00:07 | 000,000,618 | ---- | M] () -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\99h1n0ky.default\searchplugins\icqplugin.src
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 10:11:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.19 20:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 18:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.12 18:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 21:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.10.07 16:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.20 13:33:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.15 15:01:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.01.22 11:32:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99H1N0KY.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2012.01.19 22:04:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 22:04:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.19 22:04:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.19 22:04:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.19 22:04:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.msn.com/
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f\u00FCr BlackBerry App World\npappworld.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AT_Delbuck = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: StumbleUpon = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\
CHR - Extension: Google Mail = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.03.17 19:39:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1307843583-436666528-1061456165-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B504F3-FA01-4A74-AFEB-DF136A74AE03}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 19:58:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.17 19:39:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.17 17:21:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.17 17:21:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.17 17:21:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.17 17:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.17 17:20:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.16 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Trojaner Forum Hilfe
[2013.03.16 11:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2013.03.16 11:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 11:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 11:48:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.16 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.16 11:47:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Programs
[2013.03.05 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2013.02.20 12:59:40 | 000,000,000 | ---D | C] -- C:\d18245c7fc465f55ff77
[2013.02.17 23:40:13 | 000,000,000 | ---D | C] -- C:\73d1b77da1fb5acec3969832
[2009.10.20 00:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 20:14:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 20:08:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 20:08:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 20:01:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 20:01:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 20:00:59 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 19:50:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.17 19:43:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004UA.job
[2013.03.17 19:39:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.17 19:17:22 | 000,001,185 | ---- | M] () -- C:\Users\*\Desktop\ComboFix.exe - Verknüpfung.lnk
[2013.03.17 16:19:53 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1307843583-436666528-1061456165-1004Core.job
[2013.03.16 17:57:38 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2013.03.11 16:37:04 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for *.job
[2013.03.07 11:30:14 | 000,721,552 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.07 11:30:14 | 000,671,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.07 11:30:14 | 000,159,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.07 11:30:14 | 000,128,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 11:30:13 | 001,675,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 12:59:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.19 23:55:41 | 000,419,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.17 19:17:22 | 000,001,185 | ---- | C] () -- C:\Users\*\Desktop\ComboFix.exe - Verknüpfung.lnk
[2013.03.17 17:21:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 17:21:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 17:21:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 17:21:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 17:21:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 17:57:38 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2012.09.13 20:58:16 | 000,000,846 | ---- | C] () -- C:\Users\*\.recently-used.xbel
[2012.04.11 10:21:20 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.02.04 18:41:07 | 000,088,692 | ---- | C] () -- C:\Users\*\deep.mmp
[2011.11.04 12:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.28 17:15:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.27 12:55:00 | 000,015,090 | -HS- | C] () -- C:\Users\*\Folder.jpg
[2010.12.27 12:55:00 | 000,004,679 | -HS- | C] () -- C:\Users\*\AlbumArtSmall.jpg
[2010.12.24 13:15:57 | 000,041,116 | ---- | C] () -- C:\Users\*\frohe.jpg
[2010.08.15 19:25:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.12 11:47:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.22 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ableton
[2013.03.04 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Audacity
[2012.04.11 10:21:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CAD-KAS
[2011.01.20 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2013.03.17 20:01:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2013.01.11 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.11.04 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
[2011.12.31 13:44:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2012.06.11 22:04:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0
[2013.02.14 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2011.06.14 17:08:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQLite
[2011.12.25 15:27:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InterVideo
[2012.12.09 00:50:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mp3tag
[2012.03.12 14:36:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Product_RM
[2013.01.22 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Research In Motion
[2013.03.15 23:31:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
[2010.08.10 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2011.08.27 22:27:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2011.06.14 11:01:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQLite
[2010.08.12 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InterVideo
[2011.11.23 23:41:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Epson
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Dan!el · 17.03.2013, 20:37

sorry, doppelpost

aharonov · 17.03.2013, 20:44

Hi,

ist der Rechner immer noch so langsam?

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

Dan!el · 17.03.2013, 20:52

Zitat:

Zitat von aharonov

Hi,

ist der Rechner immer noch so langsam?

nein, er ist schon schneller geworden und läuft eigentlich wieder normal

vielen Dank nochmal, die weiteren Schritte werde ich jetzt erledigen.

aharonov · 17.03.2013, 20:58

Zitat:

nein, er ist schon schneller geworden und läuft eigentlich wieder normal

Prima

Melde dich einfach wieder, sobald du alle Logs hast, dann geht's hier weiter.

16.03.2013, 20:35	#4
aharonov /// TB-Ausbilder	Laptop sehr langsam/fährt nicht ordnungsgemäß hoch Ok, sobald die OTL Logs da sind, geht's weiter. __________________ cheers, Leo

Laptop sehr langsam/fährt nicht ordnungsgemäß hoch

Plagegeister aller Art und deren Bekämpfung: Laptop sehr langsam/fährt nicht ordnungsgemäß hoch