
Pests of all kinds and how to fight them: No downloads possible anymore with any browser


08.04.2013, 09:12   #1
frigorifica
 

No downloads possible anymore with any browser



Good morning, since yesterday I have been quite desperate. No downloads to my PC are possible anymore. I can no longer download e-mail attachments, photos or any other file.
The messages from the various browsers differ:
Chrome: Every attempted download is aborted with the message: "Error - virus found".
Firefox: The download goes through the virus scan and reports a successful download, but the file is not saved at the storage location.
IE: Downloading photos from the Internet is possible; e-mail attachments such as .doc supposedly contain a virus and are deleted during download; saving or running .exe files (no matter which) is aborted because of a virus warning.
My antivirus program is AVG. The only time a virus was moved to quarantine was on 30.3.13, when a virus "JS/obfuscated" was moved to quarantine. The description reads: C:/Users/Name/Appdata/Local/Temp/plugtmt-8/plugin-changeLog.pdf
Since that date AVG has not found any further threat.
Have I caught something? I cannot download any further software from the Internet for a more detailed analysis. Please help me.
My operating system is Windows Vista; please ask which further information is needed.


OTL.txt

========== Files/Folders - Created Within 30 Days ==========

[2013.04.08 10:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\otl
[2013.04.08 10:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.07 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\arnie handy photos
[2013.03.29 21:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.29 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2013.03.29 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2013.03.29 20:53:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.29 20:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.29 20:51:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Avg2013
[2013.03.25 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG8UPG
[2013.03.23 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Origin
[2013.03.23 13:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.22 22:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\Origin
[2013.03.22 22:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.22 09:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.17 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\Ilka
[2013.03.13 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.08 10:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003UA.job
[2013.04.08 10:49:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 10:36:16 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.08 10:27:02 | 000,237,225 | ---- | M] () -- C:\Users\Ilka\Desktop\blumentest.jpeg
[2013.04.08 10:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 10:10:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.04.08 09:54:41 | 000,066,747 | ---- | M] () -- C:\Users\Ilka\Desktop\blumen.jpg
[2013.04.08 09:50:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 09:37:21 | 001,751,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 09:37:21 | 000,743,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 09:37:21 | 000,692,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 09:37:21 | 000,176,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 09:37:21 | 000,142,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 09:31:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 09:31:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 09:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 22:17:42 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 19:39:50 | 000,006,906 | ---- | M] () -- C:\Users\Ilka\Desktop\badezimmer beispiel.jpg
[2013.04.07 14:05:31 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:17 | 000,017,392 | ---- | M] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:59:30 | 000,017,977 | ---- | M] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.06 10:30:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003Core.job
[2013.04.03 21:09:04 | 007,600,116 | ---- | M] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:09:03 | 006,978,149 | ---- | M] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:08:51 | 005,637,235 | ---- | M] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:08:44 | 004,475,545 | ---- | M] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:08:22 | 003,226,500 | ---- | M] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:08:09 | 002,595,199 | ---- | M] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.04.03 19:41:26 | 000,002,029 | ---- | M] () -- C:\Users\Ilka\Desktop\Google Chrome.lnk
[2013.03.27 09:51:00 | 068,191,196 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013.03.24 12:01:38 | 000,012,996 | ---- | M] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.22 09:52:15 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.17 16:56:43 | 000,028,513 | ---- | M] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:11 | 000,060,055 | ---- | M] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:13 | 000,017,937 | ---- | M] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | M] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:39 | 000,075,773 | ---- | M] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:52:00 | 000,010,842 | ---- | M] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:43 | 000,019,815 | ---- | M] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.08 10:36:16 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.08 10:36:16 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.08 10:27:02 | 000,237,225 | ---- | C] () -- C:\Users\Ilka\Desktop\blumentest.jpeg
[2013.04.08 09:55:11 | 000,066,747 | ---- | C] () -- C:\Users\Ilka\Desktop\blumen.jpg
[2013.04.07 22:17:42 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 19:40:22 | 000,006,906 | ---- | C] () -- C:\Users\Ilka\Desktop\badezimmer beispiel.jpg
[2013.04.07 14:05:31 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:14 | 000,017,392 | ---- | C] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:37:01 | 000,017,977 | ---- | C] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.03 21:06:56 | 007,600,116 | ---- | C] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:06:56 | 006,978,149 | ---- | C] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:06:56 | 005,637,235 | ---- | C] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:06:56 | 004,475,545 | ---- | C] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:06:56 | 003,226,500 | ---- | C] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:06:56 | 002,595,199 | ---- | C] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.03.24 12:01:35 | 000,012,996 | ---- | C] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.17 16:56:42 | 000,028,513 | ---- | C] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:10 | 000,060,055 | ---- | C] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:11 | 000,017,937 | ---- | C] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | C] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:38 | 000,075,773 | ---- | C] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:51:58 | 000,010,842 | ---- | C] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:41 | 000,019,815 | ---- | C] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[2012.10.21 13:29:54 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2010.07.21 08:41:36 | 000,090,624 | ---- | C] () -- C:\Users\Ilka\AppData\Roaming\InstallProxy.exe
[2010.02.06 18:02:02 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.06 17:45:37 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.06 17:38:43 | 005,046,640 | ---- | C] () -- C:\Users\Ilka\Paint.NET.3.5.2.Install.exe
[2009.03.19 13:00:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.17 23:58:01 | 074,030,661 | ---- | C] () -- C:\Users\Ilka\dvd-cover.zip
[2009.01.01 20:29:40 | 000,023,552 | ---- | C] () -- C:\Users\Ilka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 17:55:09 | 000,007,916 | ---- | C] () -- C:\Users\Ilka\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.02.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Ashampoo
[2013.03.29 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2013.02.10 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Babylon
[2010.11.14 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Bidgood Svcs
[2012.05.19 12:21:57 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Black Sea Studios
[2012.04.28 14:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\calibre
[2010.08.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canneverbe Limited
[2012.12.18 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canon
[2013.02.10 11:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\CustomBrushesMini
[2012.05.20 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 23:12:43 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Pro
[2010.10.07 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.11.07 10:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Dropbox
[2013.01.03 12:12:27 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DVDVideoSoft
[2011.02.27 13:00:23 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.28 00:05:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\FileZilla
[2009.12.19 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome
[2009.04.15 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome Demo
[2013.02.18 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\gtk-2.0
[2009.12.20 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ICQ
[2009.09.20 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Image Zone Express
[2011.11.10 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\LaunchPad
[2009.01.03 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\OpenOffice.org
[2009.08.27 13:22:05 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Opera
[2013.03.23 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Origin
[2009.10.20 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\PC Suite
[2012.11.08 14:05:39 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\pdfforge
[2009.01.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Printer Info Cache
[2011.03.07 15:04:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ProtectDisc
[2009.10.20 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Samsung
[2013.03.02 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\SPORE
[2011.05.04 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Spotify
[2012.05.20 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TeamViewer
[2009.04.09 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\The Games Company
[2008.12.13 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TMP
[2010.03.21 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TomTom
[2013.03.29 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2012.11.15 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Visan
[2012.03.22 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\VoipStunt
[2010.01.06 18:04:39 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\WTouch

========== Purity Check ==========



< End of report >

Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.04.2013 10:59:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ilka\Desktop\otl
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,42 Gb Available Physical Memory | 67,73% Memory free
16,19 Gb Paging File | 13,22 Gb Available in Paging File | 81,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 303,49 Gb Free Space | 43,44% Space Free | Partition Type: NTFS
Drive I: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ILKA-PC | User Name: Ilka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = BE A0 B7 2B BF B4 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88DBDF-4DB9-405E-8370-96A128FC8868}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{14A0DCB1-97C7-4A41-B013-A54434B2CB88}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{17115F2A-FB30-4CCB-87EE-7DE37CC5C941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C54907B-C2EA-42E5-BAC3-56EEE23BE884}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{21B44EB0-5DE9-4265-A75F-B17408C46C35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{29F56DE1-003F-4D3B-AF82-10D992317728}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2D38CE79-7553-4B96-B181-1F8463AF6562}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3BBCD80D-B8D4-43A9-81C5-86A5E89FE79E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3BD72789-3CE7-4EDC-AFEA-38AD0AFDBFBC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C205C88-6464-40EB-A9FD-7B241ED0D129}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5A8E5508-52CC-4CFE-95F4-AA46FFCCBE30}" = rport=138 | protocol=17 | dir=out | app=system | 
"{67D2A658-332C-45C5-944A-1C31F17098B7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80402851-54E9-4698-86C2-DA06B90AB12D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{825AF40A-544B-47CA-8207-B9EB2326507B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{86305B37-DD58-4273-AE0F-4A8703F501CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8D53EF5B-686C-4B55-9387-70A5003A7C36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{A353C321-E512-43AF-A4FD-60632B3B0A58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C3EE0451-35C8-4F3F-A003-EB7628682701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8E2B9B1-85D2-4ABB-9284-D8966614EB00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CE2427F6-0EE5-45EB-B8A5-2D66962F3231}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E9EE68EB-2AAF-4F15-8CBE-85ACD81C6EBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FB1B411F-9C9E-48E1-91E0-395D20916E8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05039092-70A6-4989-90A1-A26993B3CA17}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0796B10C-E8D5-4397-B909-C9F97329EADF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{10AA81E1-5804-48B8-912D-3D444836A62D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{11291592-8525-4F48-BE1F-BBB6AED834F0}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{184012D6-15BC-4914-BEB0-25ECC1A7D9BC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{1DBEEBCB-C878-4E95-AB24-12DE25441B41}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{25B109FC-1FF1-424A-99F1-4E75EE7BC335}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{34B5F60F-28A3-4F45-9C98-376AAF502AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{35997B5D-56BF-4BAF-BAA9-DE1C1E1DB7B3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{3B4ABD1A-C6D1-41DF-91EC-08ADC4CD774F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{4CAF9FEE-4938-4B46-BDC7-DA37AD29A71E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{4D13EDB4-3DFF-4019-A80E-0A9B75975563}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{58EB76C5-3292-43D2-B3F2-B737489F6558}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B28EDB7-3B67-49F0-88C9-12909D5D6188}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{5F2CF4FC-05D5-42C3-805D-4D708EFAF25A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{6045DF20-EC3D-48E0-BB27-6B976184551D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{62F70B98-2850-4622-A319-0766A1878316}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{636D76C3-C536-4A16-B919-C2B74CE1D5C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{63B101CF-044D-4F63-ABA0-8C04FB2C43A8}" = protocol=6 | dir=in | app=c:\users\ilka\appdata\local\temp\dsoclient\dlcache\app.n3app | 
"{6643CEB0-AF22-4487-8447-D0C2C45CE4FE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{69C46F40-C5A3-4A7D-BE5C-4BE9D78A96D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6DD99070-EFD0-4660-9F10-A6FDB85A20D2}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{6E2476FA-EEE8-4A21-B429-44BDA876278E}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{6E540632-FA6B-400D-BD8A-36DF3905AE36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7838DA94-B79D-436F-A052-247035F2AC6D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{78D18155-326C-420D-8AEE-E77C711102ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D0FC3C1-AA20-48EF-9F7B-6CBD19C51076}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{82055371-5BEE-4366-8CF1-6661AB894CD8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{85241DA0-75A6-4A2A-8C44-268DF73E37C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8B68FB90-82B3-4D33-A230-CE04A628661C}" = protocol=6 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | 
"{8C3B68F3-EE1C-48B1-99BA-B5F2677F665E}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | 
"{8D3B5253-252A-4B59-BA8E-8EE48343CE39}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8F0B18EF-5024-43A0-962F-DC6645FA6B35}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{8FCC10C2-A955-4B18-BED6-1E999C63F2C4}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe | 
"{9420DD25-01B0-435A-AB6E-ADB5B0FC9FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{97FFE39E-2F24-4CB6-87EF-B7514D9234DC}" = protocol=17 | dir=in | app=c:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9BD0EFC4-DAD1-4DCE-B3EF-3DCF69D3537E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{9E433FE2-9B15-4212-B3CF-EBA8084EF0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{A50D2128-51FA-4832-9F5F-EBB9111372E1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{ACA95B81-1E55-40B5-A5AF-D2A22C60D0ED}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{B3C20EF0-0CA6-4E44-96C6-E81079546388}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B6BA87A7-3C76-4C37-B243-DF447A625BEC}" = protocol=6 | dir=in | app=c:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BD81A6CD-62C0-4D29-8162-49159AD5C6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe | 
"{BDD8B7EF-A6C2-4E8A-887E-CD1895B556AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BFA80417-296B-47DF-95E4-D40EE312FD9F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C474F0E0-D0E9-474F-87BD-875E37BA4610}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{C9E360B6-9B30-4A3A-B57F-A0CE05187CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{CF1889FA-7692-46A1-B4BF-20980E562CB7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D3C9A3FA-26EC-439D-8122-DC5B35302078}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D60572BC-261B-40E4-8192-A2094EAE9042}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{DBD6EB89-93CA-4B9A-9973-93E941880E06}" = protocol=17 | dir=in | app=c:\users\ilka\appdata\local\temp\dsoclient\dlcache\app.n3app | 
"{DC0E5673-1646-4433-835C-CCE71A636885}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{E4A457A5-204A-4CF2-9551-5869480CCF45}" = protocol=17 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | 
"{E6644CDC-A268-4C2A-9546-93AEF7EDA1E7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{E7CF7322-8157-4456-BF09-B3717FF0D8F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{EC9D0123-AEB9-44C7-A915-FF8CDF1DEC69}" = protocol=17 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe | 
"{F2EFBF02-DB3F-4FD6-A43A-1B998286D8A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{F430ECB0-D0C8-4070-A4C1-F447E018EEBE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{F48D8FDB-6BDF-4437-B808-7D0909FC8840}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F82BEC46-D8AB-4823-9DF0-D27BCA2123D2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{F8427E82-A1E4-4C32-BE8D-54F97D4C0335}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FBBD68E0-3896-45DA-8E74-5BEEB34127B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{0128145F-2DAD-4722-939F-DAE9BE787C75}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{01C32938-2D91-49CD-BA93-8A84BB5A56C6}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe | 
"TCP Query User{0CF2B4BB-8027-472D-89F8-6F98991EF1DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{362DA526-385C-4A17-9FFB-E2553279112A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{3829317E-4822-4A25-8761-EC042EDEFA31}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{3A290094-8611-4ADB-9607-9A1B8DFF8630}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{3A69181B-061E-4267-AB97-FB5B42F021C2}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"TCP Query User{4CCEA225-80C9-480C-97DD-CB3CAD9C7025}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{69C14B72-FAA7-4A4A-AA30-079443AF52AA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{80CFE6B1-73C8-46DE-A7CE-683C7E02157F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{8ADA8497-E60E-4364-A00D-9B5B87418D8B}C:\users\ilka\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ilka\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{8D2B8D50-0103-44B6-98D2-C77A4BA1787B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{969D52E0-3870-4FEF-AC16-FEAC8C1F8686}C:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{AD68137F-C826-4DE8-9CED-FEEBAEAACBD0}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{CD76811D-B10C-4CE0-9716-E4F36D3DE657}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"TCP Query User{D36EE75B-62FD-413F-8D2D-505169BDB412}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{0D0C598E-422A-48DE-9129-F05278BB5A7A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{2D1B021B-E543-47F9-97B7-8F82409DC17D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{32DA4A59-DD52-4EDB-BC0B-7C78468D309A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{34147223-87EF-450E-818C-0B52C04E05E2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4325E441-D755-4707-B44A-2D29A517F5EF}C:\users\ilka\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ilka\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{46E82933-FB01-434D-8DEE-4939B3910FD4}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe | 
"UDP Query User{656BF307-A25E-4101-BD6F-13C9816D1140}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{6C6849C4-DD21-447F-9FA6-C5A8F3C31D21}C:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ilka\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8B64F133-3B43-4FFF-82A5-C34A1F7FE264}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"UDP Query User{8D903AF8-3113-489B-BEC0-EF8E2F710F09}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{8ED38220-F977-4754-BAB5-14C363370A41}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{BAD9B908-C48F-43CD-9E6A-B91DFDB558A6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{BE9C13F9-E0AB-4BE9-929F-4A4C9F892CF6}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{D964517E-A70C-4F9B-82D7-FE2BF9FCC24D}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"UDP Query User{EC03955E-C756-4B67-9261-D93D64E68777}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F71FF9A2-8BF9-43EB-9927-07923C6D6012}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"GIMP-2_is1" = GIMP 2.8.4
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{471F7EDB-6C75-4195-B65D-800DCE4A9E1D}" = WDtransitionInstall_GD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C58B5D8-5DCF-4AFF-900C-26ABADE10692}" = Integrity Tool
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65422AD6-A33F-49C6-A02C-A6FD81FAAEB2}_is1" = Tropico Reloaded
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{805C9391-883B-4B17-BB31-2893C43230BD}" = AusweisApp
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8405F097-7DC0-4B10-9D17-DF07C95FE61E}" = Create™ Demo
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF5534DD-5F2C-CD72-3C88-C84C3A50C2D9}" = myphotobook.de
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C6D91586-9F98-4CFD-9BC3-FC0800911005}" = SmartCard Reader Driver Installation
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}" = Desktop Notifier
"{DF9F9A90-CEFD-4808-815F-E16932271031}" = Nero BackItUp 2 Essentials
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Belltech Greeting Card Designer 5.3.2_is1" = Belltech Greeting Card Designer 5.3.2
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MP495 series Benutzerregistrierung" = Canon MP495 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Ceville" = Ceville 1.0
"Chronicles of Mystery/DE-German_is1" = Das Vermächtnis: Testament of Sin
"Civitas3" = Grand Ages Rome 1.01
"DAEMON Tools Lite" = DAEMON Tools Lite
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Deponia" = Deponia
"DivX Setup" = DivX-Setup
"Drakensang Online" = Drakensang Online
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FileZilla Client" = FileZilla Client 3.2.8.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HP Photo Creations" = HP Photo Creations
"InstallShield_{C6D91586-9F98-4CFD-9BC3-FC0800911005}" = SmartCard Reader Driver Installation
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"Patrizier II Gold_is1" = Patrizier II Gold
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"Picture Resize_is1" = Free Picture Resize Starter 4.5
"PIXresizer_is1" = PIXresizer 2.0.4
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"Software Informer_is1" = Software Informer 1.0 BETA
"Songr" = Songr
"Spotify" = Spotify
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"VoipStunt_is1" = VoipStunt
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Square Enix Secure Launcher" = Square Enix Secure Launcher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2013 05:19:52 | Computer Name = Ilka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 05:22:11 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.04.2013 05:22:11 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
 
Error - 05.04.2013 05:22:11 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error - 05.04.2013 05:22:13 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.04.2013 05:22:13 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3906
 
Error - 05.04.2013 05:22:13 | Computer Name = Ilka-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906
 
Error - 07.04.2013 06:27:35 | Computer Name = Ilka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.04.2013 14:28:22 | Computer Name = Ilka-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2013 03:31:25 | Computer Name = Ilka-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 08.04.2013 03:32:38 | Computer Name = Ilka-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.04.2013 14:28:25 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 07.04.2013 14:28:25 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.04.2013 14:29:11 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.04.2013 14:29:11 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.04.2013 18:02:58 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 08.04.2013 03:32:40 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 08.04.2013 03:32:40 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 08.04.2013 03:32:40 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.04.2013 03:33:39 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.04.2013 03:33:39 | Computer Name = Ilka-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

08.04.2013, 13:06   #2
aharonov
/// TB trainer
 



Hi,

The OTL.txt log you posted is incomplete; the upper part is missing. Please post the complete OTL.txt log again.

Quote:
saving or running .exe files (no matter which) is aborted because of a virus warning.
How were you able to run OTL.exe, then?

08.04.2013, 13:39   #3
frigorifica
 

Logfiles



OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 08.04.2013 10:59:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ilka\Desktop\otl
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,42 Gb Available Physical Memory | 67,73% Memory free
16,19 Gb Paging File | 13,22 Gb Available in Paging File | 81,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 303,49 Gb Free Space | 43,44% Space Free | Partition Type: NTFS
Drive I: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ILKA-PC | User Name: Ilka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.08 10:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ilka\Desktop\otl\OTL.exe
PRC - [2013.02.21 09:51:34 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Ilka\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.11.01 19:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 14:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.bin
PRC - [2012.04.17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.06 22:15:35 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.07.16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files (x86)\Starfield\offSyncService.exe
PRC - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.02.26 10:49:18 | 000,099,328 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2008.02.21 15:41:10 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013.03.12 23:23:25 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012.11.01 19:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.01 19:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.15 18:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009.07.15 18:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 23:23:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010.07.16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2012.09.21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.05.20 17:15:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.09 22:52:51 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.10 15:27:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.10 15:27:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.20 21:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.04.10 23:34:06 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009.03.20 10:01:30 | 000,157,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.03.20 10:01:30 | 000,116,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.03.20 10:01:30 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.11.21 11:27:00 | 000,376,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007.02.16 02:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006.12.13 16:42:08 | 000,028,544 | ---- | M] (USB Smart Card Reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\EMVSCARD.sys -- (EMVSCARD)
DRV - [2011.07.06 22:15:53 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2011.07.06 22:15:29 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=7c6339a800000000000000508dbf97d0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=343
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=7c6339a800000000000000508dbf97d0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CE6C1439-11F2-4309-B076-A3FF0992A6DF}: "URL" = hxxp://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Ilka\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ilka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ilka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009.12.22 11:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.11.04 13:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.11.04 13:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.25 18:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.03 12:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.08 10:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.13 10:00:52 | 000,000,000 | ---D | M]
 
[2010.03.21 19:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Extensions
[2010.03.21 19:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.10 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.10 23:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.02.10 23:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\Ilka\AppData\Roaming\Mozilla\Profiles\n4upzdhr.IlkaFirefox\extensions
[2012.11.06 18:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2013.04.08 10:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.13 10:00:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.10 22:50:16 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.16 12:08:08 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Online File Folder plugin 1.0.0.17 (Enabled) = C:\Users\Ilka\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.0.13 (Enabled) = C:\Users\Ilka\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Search by Image for Google = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli\1.2_0\
CHR - Extension: Angry Birds = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: BeFunky Photo Editor = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: Wetter (Erweiterung) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: Immortall = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgofchligkleafmbnobellmjjoppoin\1.6.0_0\
CHR - Extension: Adblock Plus = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Die Siedler Online = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dencfipkbmoplciolcjgmlabfllbdaof\1.0_0\
CHR - Extension: Google Kalender = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Elemente und Physik = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcpedjbhjpalhdjkbchahkcceaikoda\1.3.0_0\
CHR - Extension: Andrzej Mleczko = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddhjciibknifaafahnnjbpfnepoclm\2_0\
CHR - Extension: The QR Code Generator = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: AdBlock = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Creatures & Castles (Kreaturen & Burgen) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: Pixlr Editor = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Picnik = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: Skype Click to Call = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: NotScripts = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Psykopaint = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BePCSC] C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SmartMon] C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{820C886A-5B6E-4869-ACCF-4C424769B1F0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 15:42:24 | 000,000,046 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2e8ad8ba-a282-11e1-bb38-00508dbf97d0}\Shell - "" = AutoRun
O33 - MountPoints2\{2e8ad8ba-a282-11e1-bb38-00508dbf97d0}\Shell\AutoRun\command - "" = I:\install.exe -- [2011.06.10 23:14:22 | 000,378,880 | R--- | M] (Install.exe)
O33 - MountPoints2\{b74d817d-d16b-11e0-92bc-00508dbf97d0}\Shell - "" = AutoRun
O33 - MountPoints2\{b74d817d-d16b-11e0-92bc-00508dbf97d0}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 10:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\otl
[2013.04.08 10:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.07 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\arnie handy photos
[2013.03.29 21:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.29 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2013.03.29 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2013.03.29 20:53:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.29 20:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.29 20:51:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Avg2013
[2013.03.25 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG8UPG
[2013.03.23 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Origin
[2013.03.23 13:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.22 22:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\Origin
[2013.03.22 22:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.22 09:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.17 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\Ilka
[2013.03.13 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 10:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003UA.job
[2013.04.08 10:49:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 10:36:16 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.08 10:27:02 | 000,237,225 | ---- | M] () -- C:\Users\Ilka\Desktop\blumentest.jpeg
[2013.04.08 10:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 10:10:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.04.08 09:54:41 | 000,066,747 | ---- | M] () -- C:\Users\Ilka\Desktop\blumen.jpg
[2013.04.08 09:50:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 09:37:21 | 001,751,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 09:37:21 | 000,743,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 09:37:21 | 000,692,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 09:37:21 | 000,176,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 09:37:21 | 000,142,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 09:31:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 09:31:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 09:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 22:17:42 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 19:39:50 | 000,006,906 | ---- | M] () -- C:\Users\Ilka\Desktop\badezimmer beispiel.jpg
[2013.04.07 14:05:31 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:17 | 000,017,392 | ---- | M] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:59:30 | 000,017,977 | ---- | M] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.06 10:30:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003Core.job
[2013.04.03 21:09:04 | 007,600,116 | ---- | M] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:09:03 | 006,978,149 | ---- | M] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:08:51 | 005,637,235 | ---- | M] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:08:44 | 004,475,545 | ---- | M] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:08:22 | 003,226,500 | ---- | M] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:08:09 | 002,595,199 | ---- | M] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.04.03 19:41:26 | 000,002,029 | ---- | M] () -- C:\Users\Ilka\Desktop\Google Chrome.lnk
[2013.03.27 09:51:00 | 068,191,196 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013.03.24 12:01:38 | 000,012,996 | ---- | M] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.22 09:52:15 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.17 16:56:43 | 000,028,513 | ---- | M] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:11 | 000,060,055 | ---- | M] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:13 | 000,017,937 | ---- | M] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | M] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:39 | 000,075,773 | ---- | M] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:52:00 | 000,010,842 | ---- | M] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:43 | 000,019,815 | ---- | M] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 10:36:16 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.08 10:36:16 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.08 10:27:02 | 000,237,225 | ---- | C] () -- C:\Users\Ilka\Desktop\blumentest.jpeg
[2013.04.08 09:55:11 | 000,066,747 | ---- | C] () -- C:\Users\Ilka\Desktop\blumen.jpg
[2013.04.07 22:17:42 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 19:40:22 | 000,006,906 | ---- | C] () -- C:\Users\Ilka\Desktop\badezimmer beispiel.jpg
[2013.04.07 14:05:31 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:14 | 000,017,392 | ---- | C] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:37:01 | 000,017,977 | ---- | C] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.03 21:06:56 | 007,600,116 | ---- | C] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:06:56 | 006,978,149 | ---- | C] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:06:56 | 005,637,235 | ---- | C] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:06:56 | 004,475,545 | ---- | C] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:06:56 | 003,226,500 | ---- | C] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:06:56 | 002,595,199 | ---- | C] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.03.24 12:01:35 | 000,012,996 | ---- | C] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.17 16:56:42 | 000,028,513 | ---- | C] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:10 | 000,060,055 | ---- | C] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:11 | 000,017,937 | ---- | C] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | C] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:38 | 000,075,773 | ---- | C] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:51:58 | 000,010,842 | ---- | C] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:41 | 000,019,815 | ---- | C] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[2012.10.21 13:29:54 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2010.07.21 08:41:36 | 000,090,624 | ---- | C] () -- C:\Users\Ilka\AppData\Roaming\InstallProxy.exe
[2010.02.06 18:02:02 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.06 17:45:37 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.06 17:38:43 | 005,046,640 | ---- | C] () -- C:\Users\Ilka\Paint.NET.3.5.2.Install.exe
[2009.03.19 13:00:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.17 23:58:01 | 074,030,661 | ---- | C] () -- C:\Users\Ilka\dvd-cover.zip
[2009.01.01 20:29:40 | 000,023,552 | ---- | C] () -- C:\Users\Ilka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 17:55:09 | 000,007,916 | ---- | C] () -- C:\Users\Ilka\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Ashampoo
[2013.03.29 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2013.02.10 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Babylon
[2010.11.14 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Bidgood Svcs
[2012.05.19 12:21:57 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Black Sea Studios
[2012.04.28 14:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\calibre
[2010.08.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canneverbe Limited
[2012.12.18 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canon
[2013.02.10 11:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\CustomBrushesMini
[2012.05.20 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 23:12:43 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Pro
[2010.10.07 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.11.07 10:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Dropbox
[2013.01.03 12:12:27 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DVDVideoSoft
[2011.02.27 13:00:23 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.28 00:05:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\FileZilla
[2009.12.19 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome
[2009.04.15 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome Demo
[2013.02.18 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\gtk-2.0
[2009.12.20 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ICQ
[2009.09.20 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Image Zone Express
[2011.11.10 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\LaunchPad
[2009.01.03 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\OpenOffice.org
[2009.08.27 13:22:05 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Opera
[2013.03.23 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Origin
[2009.10.20 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\PC Suite
[2012.11.08 14:05:39 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\pdfforge
[2009.01.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Printer Info Cache
[2011.03.07 15:04:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ProtectDisc
[2009.10.20 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Samsung
[2013.03.02 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\SPORE
[2011.05.04 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Spotify
[2012.05.20 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TeamViewer
[2009.04.09 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\The Games Company
[2008.12.13 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TMP
[2010.03.21 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TomTom
[2013.03.29 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2012.11.15 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Visan
[2012.03.22 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\VoipStunt
[2010.01.06 18:04:39 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\WTouch
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

I still had the old Opera browser, and downloading worked with it (OTL too), but it cannot download attachments in Gmail.
__________________

08.04.2013, 13:52   #4
aharonov
/// TB trainer
 

Hi,

please always put the tools directly on the desktop and not in a subfolder.


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, possibly several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Warning for readers following along:
Combofix should only be run when a team member has explicitly instructed you to do so!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do nothing at all on the computer, not even move the mouse!
  • When Combofix has finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.



Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from Adwcleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

08.04.2013, 14:48   #5
frigorifica
 

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 08/04/2013 um 15:03:57 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Ilka - ILKA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ilka\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\Program Files (x86)\DVDVideoSoftTB
Gelöscht mit Neustart : C:\Program Files (x86)\DVDVideoSoftTB
Gelöscht mit Neustart : C:\Program Files (x86)\PutLockerDownloader
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Local\PutLockerDownloader
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\DVDVideoSoftTB
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\DVDVideoSoftTB
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\facemoods.com
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\pdfforge
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Ilka\AppData\LocalLow\Search Settings
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Gelöscht mit Neustart : C:\Users\Ilka\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5c55d8dab735bd49
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{332061BF-2AF7-4B27-999D-87C0401F6203}
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c55d8dab735bd49
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{332061BF-2AF7-4B27-999D-87C0401F6203}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84AF44BB-D9FD-4C92-A62F-71F81262E2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1010BD0-B98C-4BB5-B02F-26C07EB15033}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Ilka\AppData\Roaming\Mozilla\Firefox\Profiles\wrs8ha24.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [9797 octets] - [08/04/2013 15:03:57]

########## EOF - C:\AdwCleaner[S1].txt - [9857 octets] ##########
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 08.04.2013 15:51:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ilka\Desktop\otl
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 68,54% Memory free
16,05 Gb Paging File | 13,58 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 349,15 Gb Free Space | 49,98% Space Free | Partition Type: NTFS
Drive I: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ILKA-PC | User Name: Ilka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.08 10:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ilka\Desktop\otl\OTL.exe
PRC - [2013.03.26 20:34:10 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.11.01 19:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.bin
PRC - [2012.04.17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.06 22:15:35 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.07.16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files (x86)\Starfield\offSyncService.exe
PRC - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008.02.21 15:41:10 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 20:34:11 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012.11.01 19:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.01 19:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.15 18:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009.07.15 18:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 23:23:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010.07.16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2012.09.21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.05.20 17:15:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.09 22:52:51 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.10 15:27:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.10 15:27:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.20 21:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.04.10 23:34:06 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009.03.20 10:01:30 | 000,157,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.03.20 10:01:30 | 000,116,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.03.20 10:01:30 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.11.21 11:27:00 | 000,376,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007.02.16 02:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006.12.13 16:42:08 | 000,028,544 | ---- | M] (USB Smart Card Reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\EMVSCARD.sys -- (EMVSCARD)
DRV - [2011.07.06 22:15:53 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2011.07.06 22:15:29 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=343
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKCU\..\SearchScopes\{CE6C1439-11F2-4309-B076-A3FF0992A6DF}: "URL" = hxxp://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Ilka\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ilka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ilka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009.12.22 11:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012.11.04 13:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012.11.04 13:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.25 18:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.08 15:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.13 10:00:52 | 000,000,000 | ---D | M]
 
[2010.03.21 19:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Extensions
[2010.03.21 19:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.10 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.10 23:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.02.10 23:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\Firefox\Profiles\Ilka\AppData\Roaming\Mozilla\Profiles\n4upzdhr.IlkaFirefox\extensions
[2012.11.06 18:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Ilka\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2013.04.08 15:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.13 10:00:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Online File Folder plugin 1.0.0.17 (Enabled) = C:\Users\Ilka\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.0.13 (Enabled) = C:\Users\Ilka\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Search by Image for Google = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdigejhabbnmfbbebmchkkjhcdjmeli\1.2_0\
CHR - Extension: Angry Birds = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: BeFunky Photo Editor = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: Wetter (Erweiterung) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: Immortall = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgofchligkleafmbnobellmjjoppoin\1.6.0_0\
CHR - Extension: Adblock Plus = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Die Siedler Online = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dencfipkbmoplciolcjgmlabfllbdaof\1.0_0\
CHR - Extension: Google Kalender = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Elemente und Physik = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcpedjbhjpalhdjkbchahkcceaikoda\1.3.0_0\
CHR - Extension: Andrzej Mleczko = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddhjciibknifaafahnnjbpfnepoclm\2_0\
CHR - Extension: The QR Code Generator = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: AdBlock = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Creatures & Castles (Kreaturen & Burgen) = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: Pixlr Editor = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Picnik = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: Skype Click to Call = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: NotScripts = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Psykopaint = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Ilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
 
O1 HOSTS File: ([2013.04.08 15:31:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BePCSC] C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SmartMon] C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{820C886A-5B6E-4869-ACCF-4C424769B1F0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ilka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 15:42:24 | 000,000,046 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 15:45:59 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\WTouch
[2013.04.08 15:43:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.08 15:43:30 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\temp
[2013.04.08 15:14:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.08 15:14:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.08 15:14:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.08 15:14:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.08 15:13:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.08 15:12:35 | 005,048,663 | R--- | C] (Swearware) -- C:\Users\Ilka\Desktop\ComboFix.exe
[2013.04.08 11:49:50 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\Malwarebytes
[2013.04.08 11:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.08 11:49:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.08 11:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.08 11:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.08 10:57:48 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\otl
[2013.04.08 10:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.07 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\arnie handy photos
[2013.03.29 21:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.29 20:56:53 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2013.03.29 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2013.03.29 20:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.29 20:53:34 | 000,000,000 | ---D | C] -- C:\$AVG
[2013.03.29 20:51:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.29 20:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Avg2013
[2013.03.25 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG8UPG
[2013.03.23 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Local\Origin
[2013.03.23 13:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.22 22:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ilka\AppData\Roaming\Origin
[2013.03.22 22:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.22 09:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.17 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\Ilka\Desktop\Ilka
[2013.03.13 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 15:56:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003UA.job
[2013.04.08 15:52:24 | 000,743,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 15:52:24 | 000,692,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 15:52:24 | 000,176,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 15:52:24 | 000,142,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 15:52:23 | 001,751,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 15:50:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 15:45:59 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 15:45:52 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:45:52 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 15:31:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.08 15:23:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 15:13:02 | 005,048,663 | R--- | M] (Swearware) -- C:\Users\Ilka\Desktop\ComboFix.exe
[2013.04.08 15:10:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.04.08 15:04:24 | 000,001,208 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.08 15:03:07 | 000,613,083 | ---- | M] () -- C:\Users\Ilka\Desktop\adwcleaner.exe
[2013.04.08 11:49:07 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.08 10:36:16 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.07 22:17:42 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 14:05:31 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:17 | 000,017,392 | ---- | M] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:59:30 | 000,017,977 | ---- | M] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.06 10:30:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003Core.job
[2013.04.03 21:09:04 | 007,600,116 | ---- | M] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:09:03 | 006,978,149 | ---- | M] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:08:51 | 005,637,235 | ---- | M] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:08:44 | 004,475,545 | ---- | M] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:08:22 | 003,226,500 | ---- | M] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:08:09 | 002,595,199 | ---- | M] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.04.03 19:41:26 | 000,002,029 | ---- | M] () -- C:\Users\Ilka\Desktop\Google Chrome.lnk
[2013.03.27 09:51:00 | 068,191,196 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013.03.24 12:01:38 | 000,012,996 | ---- | M] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.22 09:52:15 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.17 16:56:43 | 000,028,513 | ---- | M] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:11 | 000,060,055 | ---- | M] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:13 | 000,017,937 | ---- | M] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | M] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:39 | 000,075,773 | ---- | M] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:52:00 | 000,010,842 | ---- | M] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:43 | 000,019,815 | ---- | M] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 15:14:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.08 15:14:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.08 15:14:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.08 15:14:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.08 15:14:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.08 15:04:10 | 000,001,208 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.08 15:03:06 | 000,613,083 | ---- | C] () -- C:\Users\Ilka\Desktop\adwcleaner.exe
[2013.04.08 11:49:07 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.08 10:36:16 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.08 10:36:16 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.07 22:17:42 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
[2013.04.07 22:15:27 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
[2013.04.07 14:05:31 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.04.07 13:30:14 | 000,017,392 | ---- | C] () -- C:\Users\Ilka\Desktop\Schrank beschreibung.odt
[2013.04.06 11:37:01 | 000,017,977 | ---- | C] () -- C:\Users\Ilka\Desktop\defensa multa1.odt
[2013.04.03 21:06:56 | 007,600,116 | ---- | C] () -- C:\Users\Ilka\Desktop\5neu.jpg
[2013.04.03 21:06:56 | 006,978,149 | ---- | C] () -- C:\Users\Ilka\Desktop\4neu.jpg
[2013.04.03 21:06:56 | 005,637,235 | ---- | C] () -- C:\Users\Ilka\Desktop\3neu.jpg
[2013.04.03 21:06:56 | 004,475,545 | ---- | C] () -- C:\Users\Ilka\Desktop\6neu.jpg
[2013.04.03 21:06:56 | 003,226,500 | ---- | C] () -- C:\Users\Ilka\Desktop\2neu.jpg
[2013.04.03 21:06:56 | 002,595,199 | ---- | C] () -- C:\Users\Ilka\Desktop\1neu.jpg
[2013.03.24 12:01:35 | 000,012,996 | ---- | C] () -- C:\Users\Ilka\Documents\EA beschwerde 24.3.13.odt
[2013.03.23 13:08:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.17 16:56:42 | 000,028,513 | ---- | C] () -- C:\Users\Ilka\Documents\CONTRATO_DE_COMPRAVENTA BESSER!.pdf
[2013.03.17 16:55:10 | 000,060,055 | ---- | C] () -- C:\Users\Ilka\Documents\Compraventa coches internet.pdf
[2013.03.17 16:50:11 | 000,017,937 | ---- | C] () -- C:\Users\Ilka\Documents\Kaufvertrag Auto spanisch neutral.odt
[2013.03.17 13:46:40 | 000,009,709 | ---- | C] () -- C:\Users\Ilka\AppData\Local\recently-used.xbel
[2013.03.14 21:39:38 | 000,075,773 | ---- | C] () -- C:\Users\Ilka\Documents\recibo.jpg
[2013.03.13 11:51:58 | 000,010,842 | ---- | C] () -- C:\Users\Ilka\Documents\Kontoverbindungen.odt
[2013.03.13 10:11:41 | 000,019,815 | ---- | C] () -- C:\Users\Ilka\Documents\Konto kündigung.odt
[2012.10.21 13:29:54 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2010.02.06 18:02:02 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.06 17:45:37 | 000,079,344 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.06 17:38:43 | 005,046,640 | ---- | C] () -- C:\Users\Ilka\Paint.NET.3.5.2.Install.exe
[2009.03.19 13:00:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.17 23:58:01 | 074,030,661 | ---- | C] () -- C:\Users\Ilka\dvd-cover.zip
[2009.01.01 20:29:40 | 000,023,552 | ---- | C] () -- C:\Users\Ilka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 17:55:09 | 000,007,916 | ---- | C] () -- C:\Users\Ilka\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2012.02.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Ashampoo
[2013.03.29 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\AVG2013
[2010.11.14 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Bidgood Svcs
[2012.05.19 12:21:57 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Black Sea Studios
[2012.04.28 14:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\calibre
[2010.08.22 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canneverbe Limited
[2012.12.18 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Canon
[2013.02.10 11:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\CustomBrushesMini
[2012.05.20 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 23:12:43 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DAEMON Tools Pro
[2010.10.07 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.11.07 10:54:20 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Dropbox
[2013.01.03 12:12:27 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\DVDVideoSoft
[2009.10.28 00:05:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\FileZilla
[2009.12.19 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome
[2009.04.15 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Grand Ages Rome Demo
[2013.02.18 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\gtk-2.0
[2009.12.20 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ICQ
[2009.09.20 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Image Zone Express
[2011.11.10 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\LaunchPad
[2009.01.03 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\OpenOffice.org
[2009.08.27 13:22:05 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Opera
[2013.03.23 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Origin
[2009.10.20 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\PC Suite
[2009.01.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Printer Info Cache
[2011.03.07 15:04:55 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\ProtectDisc
[2009.10.20 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Samsung
[2013.03.02 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\SPORE
[2011.05.04 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Spotify
[2012.05.20 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TeamViewer
[2009.04.09 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\The Games Company
[2008.12.13 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TMP
[2010.03.21 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TomTom
[2013.03.29 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\TuneUp Software
[2012.11.15 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\Visan
[2012.03.22 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\VoipStunt
[2013.04.08 15:45:59 | 000,000,000 | ---D | M] -- C:\Users\Ilka\AppData\Roaming\WTouch
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

The file Combofix.txt disappeared from my computer after the restart; should I run the program again?


08.04.2013, 15:09   #6
aharonov
/// TB-Ausbilder
 



Quote:
The file Combofix.txt disappeared from my computer after the restart,
Can't you find it under C:\Combofix.txt?
And not anywhere in the folder C:\Qoobox either?

08.04.2013, 15:12   #7
frigorifica
 



I found it:
Combofix logfile:
Code:
ComboFix 13-04-08.02 - Ilka 08.04.2013  15:18:26.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.8190.6048 [GMT 2:00]
ausgeführt von:: c:\users\Ilka\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Ilka\AppData\Roaming\InstallProxy.exe
c:\users\Ilka\AppData\Roaming\WTouch
c:\users\Ilka\AppData\Roaming\WTouch\WTouch.xml
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-08 bis 2013-04-08  ))))))))))))))))))))))))))))))
.
.
2013-04-08 13:04 . 2013-04-08 13:04	1208	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\users\Ilka\AppData\Roaming\Malwarebytes
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-08 09:49 . 2012-12-14 14:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-08 08:36 . 2013-04-08 08:36	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-29 19:01 . 2013-03-29 19:01	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-03-29 18:56 . 2013-03-29 18:56	--------	d-----w-	c:\users\Ilka\AppData\Roaming\AVG2013
2013-03-29 18:55 . 2013-03-29 18:55	--------	d-----w-	c:\users\Ilka\AppData\Roaming\TuneUp Software
2013-03-29 18:53 . 2013-03-29 18:56	--------	d-----w-	c:\programdata\AVG2013
2013-03-29 18:53 . 2013-03-29 18:53	--------	d-----w-	C:\$AVG
2013-03-29 18:51 . 2013-04-08 07:37	--------	d-----w-	c:\programdata\MFAData
2013-03-29 18:51 . 2013-03-29 21:27	--------	d-----w-	c:\users\Ilka\AppData\Local\Avg2013
2013-03-29 18:51 . 2013-03-29 18:51	--------	d--h--w-	c:\programdata\Common Files
2013-03-29 18:51 . 2013-03-29 18:51	--------	d-----w-	c:\users\Ilka\AppData\Local\MFAData
2013-03-29 18:50 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE2928A2-1862-433A-91C3-45C6C49F1A8D}\mpengine.dll
2013-03-25 16:46 . 2013-03-29 18:51	--------	d-----w-	c:\programdata\AVG8UPG
2013-03-23 11:09 . 2013-03-23 11:09	--------	d-----w-	c:\users\Ilka\AppData\Local\Origin
2013-03-22 20:25 . 2013-03-23 11:09	--------	d-----w-	c:\users\Ilka\AppData\Roaming\Origin
2013-03-22 20:23 . 2013-03-26 18:34	--------	d-----w-	c:\program files (x86)\Origin
2013-03-21 18:17 . 2013-02-12 02:18	19456	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 10:05 . 2006-11-02 12:35	72013344	----a-w-	c:\windows\system32\mrt.exe
2013-03-12 21:23 . 2012-10-18 07:09	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:23 . 2011-10-17 07:10	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2009-10-03 07:33	273840	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-10-12 08:13	3077528	----a-w-	c:\program files (x86)\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-07-06 102400]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"7301A870A0401D35B8EA64B798C40F82AE3726B5._service_run"="c:\users\Ilka\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"BePCSC"="c:\program files (x86)\EmvSmartCardReader\BePCSC.exe" [2007-05-03 130560]
"SmartMon"="c:\program files (x86)\EmvSmartCardReader\SmartMON.exe" [2006-12-18 234496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"wben"="c:\program files (x86)\Starfield\wben.exe" [2010-07-07 1076432]
.
c:\users\Ilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA19xx Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear SA19xx Device Manager\main.exe [2011-8-8 124760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 21:23]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 21:25]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 21:25]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003Core.job
- c:\users\Ilka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-08 13:38]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003UA.job
- c:\users\Ilka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-08 13:38]
.
2013-04-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-02 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-01 5426688]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} - hxxps://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab
FF - ProfilePath - c:\users\Ilka\AppData\Roaming\Mozilla\Firefox\Profiles\wrs8ha24.default\
FF - ExtSQL: 2013-03-13 09:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-301557635-3079252342-3213273295-1003\Software\SecuROM\License information*]
"datasecu"=hex:65,9f,54,92,89,fc,4c,64,78,e1,37,fa,cf,ea,48,7f,79,1a,3c,f1,b2,
   ae,21,e3,74,83,47,88,4f,03,d9,98,0f,f5,f6,18,ef,31,16,56,a7,d8,b9,b9,bb,c2,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-08  15:43:15
ComboFix-quarantined-files.txt  2013-04-08 13:43
.
Vor Suchlauf: 15 Verzeichnis(se), 365.106.552.832 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 374.082.039.808 Bytes frei
.
- - End Of File - - 3614503553FE606611EEAFBB12F60AD5
         
--- --- ---

08.04.2013, 15:15   #8
aharonov
/// TB-Ausbilder
 

Press the Windows key + R, copy the following text into the Run window and press OK.
Code:
notepad C:\Combofix.txt

Doesn't a Combofix log open then?
__________________
cheers,
Leo

08.04.2013, 15:17   #9
frigorifica
 

Yes, the file came up that way too:

Combofix Logfile:
Code:
ComboFix 13-04-08.02 - Ilka 08.04.2013  15:18:26.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.8190.6048 [GMT 2:00]
ausgeführt von:: c:\users\Ilka\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Ilka\AppData\Roaming\InstallProxy.exe
c:\users\Ilka\AppData\Roaming\WTouch
c:\users\Ilka\AppData\Roaming\WTouch\WTouch.xml
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-08 bis 2013-04-08  ))))))))))))))))))))))))))))))
.
.
2013-04-08 13:04 . 2013-04-08 13:04	1208	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\users\Ilka\AppData\Roaming\Malwarebytes
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-08 09:49 . 2013-04-08 09:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-08 09:49 . 2012-12-14 14:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-08 08:36 . 2013-04-08 08:36	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-29 19:01 . 2013-03-29 19:01	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-03-29 18:56 . 2013-03-29 18:56	--------	d-----w-	c:\users\Ilka\AppData\Roaming\AVG2013
2013-03-29 18:55 . 2013-03-29 18:55	--------	d-----w-	c:\users\Ilka\AppData\Roaming\TuneUp Software
2013-03-29 18:53 . 2013-03-29 18:56	--------	d-----w-	c:\programdata\AVG2013
2013-03-29 18:53 . 2013-03-29 18:53	--------	d-----w-	C:\$AVG
2013-03-29 18:51 . 2013-04-08 07:37	--------	d-----w-	c:\programdata\MFAData
2013-03-29 18:51 . 2013-03-29 21:27	--------	d-----w-	c:\users\Ilka\AppData\Local\Avg2013
2013-03-29 18:51 . 2013-03-29 18:51	--------	d--h--w-	c:\programdata\Common Files
2013-03-29 18:51 . 2013-03-29 18:51	--------	d-----w-	c:\users\Ilka\AppData\Local\MFAData
2013-03-29 18:50 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE2928A2-1862-433A-91C3-45C6C49F1A8D}\mpengine.dll
2013-03-25 16:46 . 2013-03-29 18:51	--------	d-----w-	c:\programdata\AVG8UPG
2013-03-23 11:09 . 2013-03-23 11:09	--------	d-----w-	c:\users\Ilka\AppData\Local\Origin
2013-03-22 20:25 . 2013-03-23 11:09	--------	d-----w-	c:\users\Ilka\AppData\Roaming\Origin
2013-03-22 20:23 . 2013-03-26 18:34	--------	d-----w-	c:\program files (x86)\Origin
2013-03-21 18:17 . 2013-02-12 02:18	19456	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 10:05 . 2006-11-02 12:35	72013344	----a-w-	c:\windows\system32\mrt.exe
2013-03-12 21:23 . 2012-10-18 07:09	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:23 . 2011-10-17 07:10	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2009-10-03 07:33	273840	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-10-12 08:13	3077528	----a-w-	c:\program files (x86)\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-07-06 102400]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"7301A870A0401D35B8EA64B798C40F82AE3726B5._service_run"="c:\users\Ilka\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"BePCSC"="c:\program files (x86)\EmvSmartCardReader\BePCSC.exe" [2007-05-03 130560]
"SmartMon"="c:\program files (x86)\EmvSmartCardReader\SmartMON.exe" [2006-12-18 234496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"wben"="c:\program files (x86)\Starfield\wben.exe" [2010-07-07 1076432]
.
c:\users\Ilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA19xx Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear SA19xx Device Manager\main.exe [2011-8-8 124760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 21:23]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 21:25]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 21:25]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003Core.job
- c:\users\Ilka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-08 13:38]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-301557635-3079252342-3213273295-1003UA.job
- c:\users\Ilka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-08 13:38]
.
2013-04-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-02 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Ilka\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-01 5426688]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ilka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} - hxxps://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab
FF - ProfilePath - c:\users\Ilka\AppData\Roaming\Mozilla\Firefox\Profiles\wrs8ha24.default\
FF - ExtSQL: 2013-03-13 09:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-301557635-3079252342-3213273295-1003\Software\SecuROM\License information*]
"datasecu"=hex:65,9f,54,92,89,fc,4c,64,78,e1,37,fa,cf,ea,48,7f,79,1a,3c,f1,b2,
   ae,21,e3,74,83,47,88,4f,03,d9,98,0f,f5,f6,18,ef,31,16,56,a7,d8,b9,b9,bb,c2,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-08  15:43:15
ComboFix-quarantined-files.txt  2013-04-08 13:43
.
Vor Suchlauf: 15 Verzeichnis(se), 365.106.552.832 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 374.082.039.808 Bytes frei
.
- - End Of File - - 3614503553FE606611EEAFBB12F60AD5
         
--- --- ---

08.04.2013, 15:19   #10
aharonov
/// TB Trainer

OK, the ComboFix log was found after all.


Please download Farbar Service Scanner and save it to the desktop.
  • Start the tool by double-clicking FSS.exe.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt on the desktop.
Please post its contents here.
__________________
cheers,
Leo

08.04.2013, 15:23   #11
frigorifica

Farbar Service Scanner Version: 03-03-2013
Ran by Ilka (administrator) on 08-04-2013 at 16:22:48
Running from "C:\Users\Ilka\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-02-23 21:10] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 18:00] - [2012-01-03 16:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-14 09:58] - [2013-01-04 13:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 19:22] - [2011-03-02 18:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-02-23 21:11] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-02-23 21:10] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-02-23 21:09] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-02-23 21:08] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-02-23 21:08] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-02-23 21:11] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-02-23 21:10] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 10:13] - [2012-06-02 02:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-02-23 21:11] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

08.04.2013, 15:29   #12
aharonov
/// TB Trainer

Does the problem still persist?
__________________
cheers,
Leo

08.04.2013, 15:39   #13
frigorifica

Yes, everything is as before. Again and again it is reported that there is a virus in the downloads. I even tried to save very old attachments from Gmail (which 100% do not contain a virus), but they cannot be saved. Until a few days ago all of this worked without any problems; what is going on?

08.04.2013, 15:59   #14
aharonov
/// TB Trainer

Could you please take a screenshot of one of these virus messages and attach it here?
__________________
cheers,
Leo

08.04.2013, 16:29   #15
frigorifica

How do I get the image in here?
