e.ligatus.com 34088 Poppup

aloukat · 26.04.2013, 16:02

Hallo zusammen, ich habe folgendes Problem, ähnlich wie in diesem Thread:

Code:

ATTFilter

http://www.trojaner-board.de/132879-...com-virus.html

Öffnet mein Firefox immer diesen Link: er poppt alle paar stunden mal auf...

hxxp://e.ligatus.com/LigatusFallback.gif?ids=34088

Mein Virenpogramm (AVAST) hat nichts gefunden, und ich kriege diesen fehler einach nicht weg.

Ich habe bereits wie in dem anderen Thread beschrieben, adwcleaner und TFC.exe ausgeführt.

Die Logs hänge ich genauso wie die von Malwarebytes an.

Malwarebytes_LOG:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Fabio :: Fabio-PC [Administrator]

26.04.2013 16:58:26
mbam-log-2013-04-26 (16-58-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241379
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

adwcleaner.txt:

Code:

ATTFilter

# AdwCleaner v2.202 - Datei am 26/04/2013 um 16:35:06 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Fabio - Fabio-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Fabio\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Fabio\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Fabio\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Fabio\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SocialBit
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1118 octets] - [26/04/2013 16:35:06]

########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########

dds.txt:
DDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Fabio at 16:43:52 on 2013-04-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2347 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoSimpleNetIDList = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C} : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A} : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-10 23:55; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 21:02; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-03-15 21:02; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-03-19 19:30; tabutils@ithinc.cn; C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-7 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-7 377920]
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2010-1-20 332688]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-11 45248]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-22 492032]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2012-7-20 2635776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-22 3560288]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2012-2-22 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2012-2-22 157288]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 178624]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-9-16 45664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-3-23 4774208]
S3 vpcuxd;USB-Virtualisierungsstubdienst;C:\Windows\System32\drivers\vpcuxd.sys [2013-1-28 16384]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-25 03:06:18	1656680	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2013-04-23 22:42:51	9317456	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\mpengine.dll
2013-04-23 10:41:18	--------	d-----w-	C:\Program Files (x86)\Common Files\Adobe Systems Shared
2013-04-23 10:38:47	--------	d-----w-	C:\PS2
2013-04-23 01:57:43	--------	d-----w-	C:\Program Files\iConvert
2013-04-23 01:45:55	151552	----a-w-	C:\Windows\SysWow64\nvRegDev.dll
2013-04-23 01:45:46	61440	----a-w-	C:\Windows\SysWow64\nvPhotoshopUtil.dll
2013-04-23 01:45:46	40960	----a-w-	C:\Windows\SysWow64\nvISWOW64.dll
2013-04-23 01:45:45	729088	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-04-23 01:45:45	69715	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-04-23 01:45:45	5632	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-04-23 01:45:45	266240	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-04-23 01:45:45	192512	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-04-23 01:45:45	188548	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-04-23 01:45:44	311428	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-04-23 01:39:37	--------	d-----w-	C:\Users\Fabio\AppData\Local\fontconfig
2013-04-23 01:39:33	--------	d-----w-	C:\Users\Fabio\AppData\Local\gegl-0.2
2013-04-23 01:39:33	--------	d-----w-	C:\Users\Fabio\.gimp-2.8
2013-04-23 01:37:24	--------	d-----w-	C:\Program Files\GIMP 2
2013-04-15 19:29:15	--------	d-sh--w-	C:\Windows\ftpcache
2013-04-15 19:11:41	--------	d-----w-	C:\Program Files (x86)\Activision
2013-04-09 17:57:38	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-04-09 17:56:12	223752	----a-w-	C:\Windows\System32\drivers\fvevol.sys
2013-04-09 17:56:06	5550424	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-04-09 17:56:04	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-04-09 17:56:03	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-09 17:56:02	112640	----a-w-	C:\Windows\System32\smss.exe
2013-04-09 17:56:01	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2013-04-09 17:56:01	43520	----a-w-	C:\Windows\System32\csrsrv.dll
2013-03-31 00:58:09	--------	d-sh--w-	C:\$RECYCLE.BIN
2013-03-30 22:14:46	--------	d-----w-	C:\Users\Fabio\AppData\Roaming\Malwarebytes
2013-03-30 22:14:26	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-03-29 17:51:03	--------	d-----w-	C:\Program Files (x86)\Microsoft WSE
2013-03-29 17:50:49	--------	d-----w-	C:\ProgramData\Netzmanager
2013-03-29 17:50:49	--------	d-----w-	C:\Program Files\Netzmanager
2013-03-29 17:50:42	--------	dc-h--w-	C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-03-29 17:23:24	--------	d-----w-	C:\Users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
.
==================== Find3M  ====================
.
2013-04-24 23:37:16	214520	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-24 23:37:16	214520	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2013-04-24 20:15:27	214520	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-12 17:37:32	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:37:32	691592	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 21:52:11	16486616	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 23:10:56	282744	------w-	C:\Windows\System32\MpSigStub.exe
2013-03-06 23:33:21	70992	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21	65336	----a-w-	C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 23:33:21	178624	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 23:33:21	1025808	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20	80816	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51	41664	----a-w-	C:\Windows\avastSS.scr
2013-03-06 18:26:54	861088	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 18:26:54	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-03-04 11:55:04	37704	----a-w-	C:\Windows\System32\VNCpm.dll
2013-03-04 11:55:00	4608	----a-w-	C:\Windows\System32\drivers\vncmirror.sys
2013-03-04 11:55:00	26112	----a-w-	C:\Windows\System32\vncmirror.dll
2013-02-25 23:32:38	1814304	----a-w-	C:\Windows\System32\nvdispco64.dll
2013-02-25 23:32:32	1510176	----a-w-	C:\Windows\System32\nvdispgenco64.dll
2013-02-21 10:30:16	1766912	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07	2240512	----a-w-	C:\Windows\System32\wininet.dll
2013-02-21 10:14:09	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31	474112	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05	19968	----a-w-	C:\Windows\System32\drivers\usb8023.sys
2013-02-10 01:04:31	6393120	----a-w-	C:\Windows\System32\nvcpl.dll
2013-02-10 01:04:31	3472672	----a-w-	C:\Windows\System32\nvsvc64.dll
2013-02-10 01:04:29	877856	----a-w-	C:\Windows\System32\nvvsvc.exe
2013-02-10 01:04:29	63776	----a-w-	C:\Windows\System32\nvshext.dll
2013-02-10 01:04:29	2555680	----a-w-	C:\Windows\System32\nvsvcr.dll
2013-02-10 01:04:29	237856	----a-w-	C:\Windows\System32\nvmctray.dll
2013-02-09 17:43:52	555808	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2013-02-09 13:25:36	3035306	----a-w-	C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 16:44:28,73 ===============

--- --- ---

attach.txt

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 06.08.2012 20:38:57
System Uptime: 26.04.2013 16:36:55 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P41T-D3
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 400 GiB total, 292,677 GiB free.
D: is FIXED (NTFS) - 531 GiB total, 230,098 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e969-e325-11ce-bfc1-08002be10318}
Description: Standard-Diskettenlaufwerkcontroller
Device ID: ACPI\PNP0700\4&226211B3&0
Manufacturer: (Standard-Diskettenlaufwerkcontroller)
Name: Standard-Diskettenlaufwerkcontroller
PNP Device ID: ACPI\PNP0700\4&226211B3&0
Service: fdc
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&15E70C52&0&00E1
Manufacturer: Realtek
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&15E70C52&0&00E1
Service: RTL8167
.
==== System Restore Points ===================
.
RP106: 22.03.2013 20:12:29 - Windows Update
RP107: 26.04.2013 16:28:32 - TuneUp Utilities 2013 wird entfernt
RP108: 26.04.2013 16:29:23 - TuneUp Utilities Language Pack (de-DE) wird entfernt
RP109: 26.04.2013 16:30:58 - Removed Java 7 Update 17
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.6) - Deutsch
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.83
Audacity 2.0.2
avast! Free Antivirus
Bigfoot Networks Killer Network Manager
Bonjour
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MP Navigator EX 1.0
Canon MX310 series
Counter-Strike: Global Offensive
Counter-Strike: Source
Dropbox
Free YouTube Download version 3.2.1.320
Free YouTube to MP3 Converter version 3.12.0.128
iCloud
ICQ7M
IrfanView (remove only)
iTunes
LAME v3.99.3 (for Windows)
Last.fm Scrobbler 2.1.35
Logitech Gaming Software
Logitech Gaming Software 8.30
ManiaPlanet
Mediencenter 3.6.0.1202
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 de)
MSI PLC Utility
Need for Speed™ Most Wanted
Netzmanager
Notepad++
NVIDIA 3D Vision Controller-Treiber 314.07
NVIDIA 3D Vision Treiber 314.07
NVIDIA Grafiktreiber 314.07
NVIDIA HD-Audiotreiber 1.3.23.1
NVIDIA Install Application
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 314.07
NVIDIA Update 1.12.12
NVIDIA Update Components
Origin
Paint.NET v3.5.10
PDF-Viewer
Protect Disc License Helper 1.0.118
ProtectDisc Driver, Version 11
PunkBuster Services
QuickTime
Safari
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype Click to Call
Skype™ 6.2
Steam
TeamSpeak 3 Client
TeamViewer 8
TmUnitedForever Update 2010-03-15
Tom Clancy's Ghost Recon Future Soldier
TrackMania United 0.2.0.8
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Uplay
VLC media player 2.0.6
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.5
VNC Viewer 5.0.5
WifiAmp Version 2.0.0
Winamp
Winamp Erkennungs-Plug-in
Windows XP Mode
WinPcap 4.1.2
WinRAR 4.20 (64-Bit)
WinSCP 4.3.9
XAMPP 1.8.0
ZERO-G
.
==== End Of File ===========================

Vielen Dank berreits im Vorraus, und ich hoffe ihr könnt mir weiterhelfen.
Mfg Aloukat

M-K-D-B · 26.04.2013, 16:28

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von JRT,
die Logdatei von ComboFix.

aloukat · 26.04.2013, 18:17

So hier die beiden Logs:

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Professional x64
Ran by Fabio on 26.04.2013 at 18:45:00,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2013 at 18:49:03,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix:

Code:

ATTFilter

ComboFix 13-04-26.01 - Fabio 26.04.2013  18:51:42.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.1983 [GMT 2:00]
ausgeführt von:: d:\users\Fabio\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-26 17:00 . 2013-04-26 17:00	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-26 17:00 . 2013-04-26 17:00	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-26 17:00 . 2013-04-26 17:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-26 15:51 . 2013-04-26 15:51	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\offreg.dll
2013-04-26 15:43 . 2013-04-26 15:43	--------	d-----w-	c:\windows\ERUNT
2013-04-26 15:42 . 2013-04-26 16:44	--------	d-----w-	C:\JRT
2013-04-26 15:19 . 2013-04-26 15:19	--------	d-----w-	c:\program files (x86)\ESET
2013-04-26 14:52 . 2013-04-26 14:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-26 14:52 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-25 03:06 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 22:42 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A522BD56-B487-4871-B072-64488F198E5F}\mpengine.dll
2013-04-23 10:41 . 2013-04-23 10:41	--------	d-----w-	c:\program files (x86)\Common Files\Adobe Systems Shared
2013-04-23 10:38 . 2013-04-23 10:38	--------	d-----w-	C:\PS2
2013-04-23 01:57 . 2013-04-23 01:58	--------	d-----w-	c:\program files\iConvert
2013-04-23 01:45 . 2013-04-23 11:39	151552	----a-w-	c:\windows\SysWow64\nvRegDev.dll
2013-04-15 19:29 . 2013-04-15 19:29	--------	d-sh--w-	c:\windows\ftpcache
2013-04-15 19:11 . 2013-04-15 19:11	--------	d-----w-	c:\program files (x86)\Activision
2013-04-09 17:57 . 2013-02-21 10:14	19230208	----a-w-	c:\windows\system32\mshtml.dll
2013-04-09 17:57 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-09 17:56 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-09 17:56 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 17:56 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-09 17:56 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-09 17:56 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-02 20:51 . 2013-04-03 17:21	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-03-30 22:14 . 2013-03-30 22:14	--------	d-----w-	c:\users\Fabio\AppData\Roaming\Malwarebytes
2013-03-30 22:14 . 2013-03-30 22:14	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-29 17:51 . 2013-03-29 17:51	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2013-03-29 17:50 . 2013-03-29 17:57	--------	d-----w-	c:\programdata\Netzmanager
2013-03-29 17:50 . 2013-03-29 17:50	--------	d-----w-	c:\program files\Netzmanager
2013-03-29 17:50 . 2013-04-01 02:57	--------	dc-h--w-	c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2013-03-29 17:23 . 2013-04-08 22:00	--------	d-----w-	c:\users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
2013-03-29 17:02 . 2013-03-29 17:03	--------	d-----w-	c:\program files (x86)\Safari
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 23:37 . 2012-11-01 13:16	214520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-04-24 23:37 . 2012-10-31 23:40	214520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-04-24 20:15 . 2012-10-31 23:40	214520	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-04-12 17:37 . 2012-08-07 19:13	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:37 . 2012-08-07 19:13	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-09 17:59 . 2012-08-07 01:11	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-14 23:11 . 2013-03-14 23:11	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-14 23:11 . 2013-03-14 23:11	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-14 23:11 . 2013-03-14 23:11	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-14 23:11 . 2013-03-14 23:11	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-14 23:11 . 2013-03-14 23:11	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-14 23:11 . 2013-03-14 23:11	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-14 23:11 . 2013-03-14 23:11	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 23:11 . 2013-03-14 23:11	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 23:11 . 2013-03-14 23:11	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-14 23:11 . 2013-03-14 23:11	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-14 23:11 . 2013-03-14 23:11	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-14 23:11 . 2013-03-14 23:11	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-14 23:11 . 2013-03-14 23:11	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-14 23:11 . 2013-03-14 23:11	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-14 23:11 . 2013-03-14 23:11	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-14 23:11 . 2013-03-14 23:11	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-14 23:11 . 2013-03-14 23:11	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-14 23:11 . 2013-03-14 23:11	441856	----a-w-	c:\windows\system32\html.iec
2013-03-14 23:11 . 2013-03-14 23:11	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-14 23:11 . 2013-03-14 23:11	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-14 23:11 . 2013-03-14 23:11	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-14 23:11 . 2013-03-14 23:11	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-14 23:11 . 2013-03-14 23:11	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-14 23:11 . 2013-03-14 23:11	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-14 23:11 . 2013-03-14 23:11	235008	----a-w-	c:\windows\system32\url.dll
2013-03-14 23:11 . 2013-03-14 23:11	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-14 23:11 . 2013-03-14 23:11	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-14 23:11 . 2013-03-14 23:11	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-14 23:11 . 2013-03-14 23:11	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-14 23:11 . 2013-03-14 23:11	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-14 23:11 . 2013-03-14 23:11	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-14 23:11 . 2013-03-14 23:11	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-14 23:11 . 2013-03-14 23:11	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-14 23:11 . 2013-03-14 23:11	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-14 23:11 . 2013-03-14 23:11	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-14 23:11 . 2013-03-14 23:11	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-14 23:11 . 2013-03-14 23:11	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-14 23:11 . 2013-03-14 23:11	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-14 23:11 . 2013-03-14 23:11	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-14 23:11 . 2013-03-14 23:11	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-14 23:11 . 2013-03-14 23:11	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-14 23:11 . 2013-03-14 23:11	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-14 23:11 . 2013-03-14 23:11	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-14 23:11 . 2013-03-14 23:11	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-14 23:11 . 2013-03-14 23:11	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-14 23:11 . 2013-03-14 23:11	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-14 23:11 . 2013-03-14 23:11	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 23:11 . 2013-03-14 23:11	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 23:11 . 2013-03-14 23:11	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-13 21:52 . 2012-08-14 17:52	16486616	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 23:10 . 2012-08-06 18:55	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-03-03 15:46	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-03 15:46	178624	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-08-07 20:27	377920	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-08-07 20:27	70992	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-08-07 20:27	68920	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-08-07 20:27	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-08-07 20:27	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-08-07 20:27	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-08-07 20:26	41664	----a-w-	c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-08-07 20:27	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-03-06 18:26 . 2012-09-07 11:47	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 18:26 . 2012-09-07 11:47	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-04 11:55 . 2013-03-23 19:16	37704	----a-w-	c:\windows\system32\VNCpm.dll
2013-03-04 11:55 . 2013-03-23 19:16	4608	----a-w-	c:\windows\system32\drivers\vncmirror.sys
2013-03-04 11:55 . 2013-03-23 19:16	26112	----a-w-	c:\windows\system32\vncmirror.dll
2013-02-25 23:32 . 2012-02-09 20:43	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-09-25 20:11	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-12 05:45 . 2013-03-13 20:35	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:35	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:35	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:35	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:35	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:35	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 23:09	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-22 19:29	963776	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-03-22 19:29	7569184	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-03-22 19:29	6267240	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-03-22 19:29	20534560	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-03-22 19:29	11040544	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2013-03-22 19:28	9422672	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-03-22 19:28	7964680	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-03-22 19:28	2911008	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-03-22 19:28	2726176	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-03-22 19:28	25256736	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-03-22 19:28	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-03-22 19:28	2350368	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-22 19:28	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-03-22 19:28	1990944	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-22 19:28	1807136	----a-w-	c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-22 19:28	17987192	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-03-22 19:28	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2013-03-22 19:28	1510176	----a-w-	c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2012-10-10 20:22	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Socialbit_Winamp_Server"="c:\program files (x86)\WifiAmp\WifiAmp Server.exe" [2011-12-28 418816]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Networks Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2012-2-22 564224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 aswVmm;aswVmm; [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [2013-03-04 4774208]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-01-20 332688]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-02-22 492032]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2012-02-22 31336]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2012-02-22 157288]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2012-12-13 16:30	558592	----a-w-	c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2012-12-13 16:30	558592	----a-w-	c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2012-12-13 16:30	558592	----a-w-	c:\users\Fabio\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: youporn.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - ExtSQL: 2013-03-10 23:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 21:02; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-03-15 21:02; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-03-19 19:30; tabutils@ithinc.cn; c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-26  19:12:20
ComboFix-quarantined-files.txt  2013-04-26 17:12
.
Vor Suchlauf: 13 Verzeichnis(se), 313.824.137.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 313.303.470.080 Bytes frei
.
- - End Of File - - A56A9FC2E32F9328F70FB666B8924DFD

M-K-D-B · 27.04.2013, 09:52

Servus,

Schritt 1
Bitte lade dir ZOEK auf deinen Desktop und starte es.

Klicke auf Options
Hake an:
- Firefox Defaults
- Auto Clean
Klicke auf Run Script und warte bis das Programm durchgelaufen ist.
Am Ende erstellt es ein Logfile (auch hier: c:\zoek-results.txt)

Poste mir dieses Logfile.

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Gibt es immer noch Probleme mit "e.ligatus.com" unter Firefox?

Bitte poste mit deiner nächsten Antwort

die Logdatei von ZOEK,
die beiden Logdateien von OTL,
die Beantwortung der gestellten Frage.

aloukat · 29.04.2013, 20:26

OTL.txt

Code:

ATTFilter

OTL logfile created on: 27.04.2013 13:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,35% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 291,69 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 229,99 Gb Free Space | 43,28% Space Free | Partition Type: NTFS
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\WifiAmp\OpenCvSharp.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (vncserver) -- C:\Programme\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Bigfoot Networks Killer Service) -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BFN7x64) -- C:\Windows\SysNative\drivers\Xeno7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (BfEdge7x64) -- C:\Windows\SysNative\drivers\Edge7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 95 93 C8 DF 1C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.6
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.31
FF - prefs.js..extensions.enabledAddons: tabutils%40ithinc.cn:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.11 00:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 22:01:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.02 22:51:06 | 000,000,000 | ---D | M]
 
[2013.03.15 22:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2013.04.19 18:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\kk4m4oj0.default\extensions
[2013.03.15 22:02:28 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\kk4m4oj0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.03.19 20:30:07 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\extensions\tabutils@ithinc.cn.xpi
[2013.04.19 18:35:19 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.03.15 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 00:55:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.22 15:14:36 | 000,000,965 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youporn.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 13:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Temp
[2013.04.27 13:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.26 18:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 18:19:00 | 005,059,946 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:43:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.26 17:42:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 17:42:39 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT.exe
[2013.04.26 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.26 17:16:24 | 002,347,384 | ---- | C] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 16:52:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.26 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.26 16:49:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:09 | 000,700,783 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.23 13:17:13 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Updater
[2013.04.23 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.04.23 12:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.04.23 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.04.23 12:38:47 | 000,000,000 | ---D | C] -- C:\PS2
[2013.04.23 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\iConvert
[2013.04.23 03:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.23 03:50:44 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.04.23 03:39:37 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\fontconfig
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\gegl-0.2
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\.gimp-2.8
[2013.04.23 03:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.23 03:18:55 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Carskin
[2013.04.17 22:55:27 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Backup
[2013.04.17 22:28:53 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\TM2
[2013.04.15 21:29:15 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.04.15 21:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.04.15 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.04.09 19:58:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.09 19:58:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.09 19:58:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.09 19:58:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.09 19:58:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.09 19:58:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.09 19:58:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.09 19:58:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.09 19:58:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.09 19:58:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.09 19:58:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.09 19:58:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.09 19:58:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.09 19:58:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.09 19:58:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.09 19:56:06 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 19:56:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.09 19:56:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.09 19:56:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.09 19:56:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.09 19:56:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.02 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.01 01:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDS Converter 2
[2013.03.31 17:52:28 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Shootmania
[2013.03.31 00:14:46 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Malwarebytes
[2013.03.31 00:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.29 19:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Netzmanager
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2013.03.29 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2013.03.29 19:50:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2013.03.29 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\5C9A4F87-84AC-4ECC-BE17-B801B617E8D0.aplzod
[2013.03.29 19:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 13:22:01 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 13:22:01 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.27 13:14:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.27 13:09:20 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.27 13:07:04 | 001,273,277 | ---- | M] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.27 12:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 23:40:13 | 000,082,344 | ---- | M] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.26 20:44:55 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
[2013.04.26 18:18:52 | 005,059,946 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:41:18 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT.exe
[2013.04.26 17:16:26 | 002,347,384 | ---- | M] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 16:49:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:12 | 000,700,783 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:10 | 000,448,512 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.26 16:32:39 | 000,619,461 | ---- | M] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | M] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 22:15:27 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 19:51:10 | 000,461,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 18:59:43 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2013.04.23 13:39:35 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 13:35:15 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 13:35:14 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.23 12:41:36 | 000,001,391 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.22 18:24:04 | 000,139,976 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.22 18:23:18 | 000,282,825 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.22 15:14:36 | 000,000,965 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.22 15:14:36 | 000,000,964 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013.04.19 20:53:01 | 000,117,342 | ---- | M] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 21:16:02 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.15 21:16:02 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.15 21:15:58 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini
[2013.04.15 16:20:04 | 000,000,132 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.04.12 19:37:32 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 19:37:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 23:51:19 | 001,460,661 | ---- | M] () -- D:\Users\Fabio\Desktop\Polo_Schwarz.jpg
[2013.04.05 23:58:27 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 23:58:27 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 23:58:27 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 23:58:27 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 23:58:27 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 01:10:59 | 000,001,362 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 19:50:51 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.29 00:04:11 | 000,001,057 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 00:03:49 | 000,000,939 | ---- | M] () -- D:\Users\Fabio\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.27 13:13:20 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:06:48 | 001,273,277 | ---- | C] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 16:32:33 | 000,619,461 | ---- | C] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | C] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.23 12:42:04 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.04.23 12:41:36 | 000,001,391 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.23 12:41:17 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.04.23 12:40:47 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.04.23 12:40:47 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.04.23 03:45:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 03:45:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 03:45:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.22 18:23:17 | 000,282,825 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.21 22:43:37 | 000,139,976 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.21 21:14:56 | 000,082,344 | ---- | C] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.19 20:53:01 | 000,117,342 | ---- | C] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 21:16:02 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.15 21:16:02 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.15 21:15:58 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2013.04.03 01:10:59 | 000,001,362 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 20:21:07 | 000,001,028 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
[2013.03.29 19:50:51 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.29 19:03:02 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013.02.10 20:22:30 | 000,000,132 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.02.09 22:24:50 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.09 17:04:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 17:04:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 17:04:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 17:04:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 17:04:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 12:01:13 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2013.01.26 11:51:06 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2012.11.09 00:30:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.11.01 01:40:51 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.01 01:40:49 | 003,233,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.01 01:40:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 00:01:09 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2012.08.08 23:20:23 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 27.04.2013 13:21:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,35% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 291,69 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 229,99 Gb Free Space | 43,28% Space Free | Partition Type: NTFS
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DBA877-2B2E-4A1A-BBCD-0758CB14F240}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{02E34D0D-2ACE-4436-B95D-52679CB1E026}" = lport=137 | protocol=17 | dir=in | app=system | 
"{11A057C1-8817-46D0-B3CF-882486D5ECAC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{316042AB-D94D-4C8C-A62F-B9F9006AACB1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{37AD8634-2F48-4944-8176-E8499FF746A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{380BC82B-7017-406D-8A48-616232899F7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3EA5EDA7-521C-4194-9B39-90E2AAEC919A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EE07359-51DD-4BD5-BD09-5D6FD2BEBF7C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54DF3397-D46A-442B-A057-025F345042FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{710B951C-4BCA-419F-B458-4ADCC8C8988D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7CCA44CC-6426-4B36-AB7C-0CB3A3A8A483}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DD06B29-5858-49C8-AA9B-F5F0B2ED8D40}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7DFD4795-63F3-4D56-928D-C1B51C4F59F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BB2ECBAF-6C3A-4A0B-AEF9-DB44ED7D7EDA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C0D0FC49-2DC8-4869-BD3A-CFD3D0431C9C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D363D8F3-6833-4750-9FF8-C4E7D2393145}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E61D3CDA-224E-4F4B-B305-C3875C85FF85}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{F8B454DD-7B98-4A6D-8DD5-CF9E26A80EF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B2FC2F-D051-4ED7-93A7-BB90D1830C0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0B5A54D9-3612-455B-94E2-E068D4E66AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{13754E8B-AE8D-44D6-8578-EA4D7BD30DFA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe | 
"{139C5D4D-ABE8-42A0-80BE-BC6AB0BD02D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{13FCC3DD-94F0-47BB-BD24-46263912CF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{1940F3C3-E55A-49FC-99F7-06263D930E1F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1CDBBF2D-7EA9-47BD-BC26-E54FA970F36E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{206D63FE-3B3F-4635-8A9E-2A622807B007}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{27FBF07B-6C53-4161-9410-E7EEBF94ABF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29DD692D-51CE-41AE-A949-51B26A9A7A0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{359DDD32-9642-424D-B987-A29770A6258C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36E507F2-99A4-4DBE-9CBC-F9736D372390}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3AB607EB-629D-48FC-AC41-681678CD63D9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | 
"{3B130ECA-180B-44F4-A582-E54FE4165969}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4E5E7988-098E-4CC0-BE9A-6BABD0C990BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4E625574-A656-47C3-8EAF-12CE19D1D6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{563492CB-4AB0-40D2-88BA-B297B885E219}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5A5D7A33-2185-48FD-8160-14BFD0F188B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe | 
"{604AD541-EDDB-446A-89C2-357EED3B39DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66466249-A304-4AAA-BD7E-EC176920DBF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76553249-3394-47AC-BD77-363AD17CA0E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F4E764C-712A-451B-B2DA-F35E786F135A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8D3DD1A9-5402-45F7-A7FE-5900D75F4180}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{93433208-B6D2-4933-83D6-428E7472F20C}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"{97A2ED78-1D30-4899-A856-8E37DEF908A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{99ABC424-A26D-4C92-A1A5-74700767E35C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe | 
"{9F210811-18BA-4DAC-B489-2758294E0298}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{A37170B6-06F3-4D24-AB63-55A5995954DA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{ACC99F29-BF0E-4D38-9CE0-36CFB7017369}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{AF85A867-15DB-4DF3-8619-C87ECA9524B0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe | 
"{B07C961D-7B29-4922-9800-34CD2F0D4422}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B973A505-BC68-44B2-B3D3-292C63D85EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BC467A10-591E-443D-AE63-6297DEA55FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C054A801-26FA-431A-A940-184708FCA23B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C82E17CE-203F-4643-864E-C6E7C1D6EA82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9D249EB-1EF0-4262-813E-21C3DE2839A3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | 
"{CFF29247-EA8B-4685-B648-D59BCD2BDFB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DB83E3E9-AFA3-467F-A7F1-50E9BDB80591}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DFB61872-D864-4322-8B5E-DE5454D75D29}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E36C8477-C2E3-4B0F-A042-D2EBEA20FF1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4909985-78FD-4E73-BE9F-21803A9F8B05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7EBA883-9166-4638-A529-E113BBBEF648}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{EDB830B1-E5C4-40F8-842C-C01E778E777D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F589661F-60BF-49E3-A7AC-526748AE95AC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{FBC32940-627B-4E1F-98FD-12FDE2E376A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{03B431BA-9898-4370-BC9D-E00836A7ACD1}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"TCP Query User{1ED8DF34-DE39-4F09-BFBA-CC29BEA8282B}G:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"TCP Query User{1FE46B1D-886D-406E-92BD-08F21D4FB331}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"TCP Query User{22324E7F-61C4-4909-982E-CD464E138AB3}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"TCP Query User{242527E0-D864-42B3-8483-4FC3775BC466}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{3C6751BB-859C-4DDA-8905-E794116FCE49}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"TCP Query User{4DA236ED-2A45-43D3-9137-3C45880B13F8}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"TCP Query User{57FC41FD-CE6B-434A-A1A7-FEC088D038A1}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe | 
"TCP Query User{617D5E94-1F72-492E-934D-5D09E9EA8E24}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"TCP Query User{6B532BE5-493E-41BF-941F-7DC236AC0548}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"TCP Query User{735BFB86-B5BB-4FC4-BE29-93123B3926E1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{89D86BE3-CEA2-49A6-B956-7EABAA6A0F45}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{9450C8D4-395B-462E-B974-9C6691F6D5DC}G:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"TCP Query User{9480224F-5F93-4309-84F1-77321CA7848B}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe | 
"TCP Query User{B9F272B3-0A7A-42C8-9F47-273C8AA2EF33}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{C3CC5A83-8A41-4F62-AE3F-6120470AA3BA}G:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"TCP Query User{DBE14D10-F477-40B8-B83E-1CA9A8F0D8A7}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"TCP Query User{EC3F42A1-89D7-4043-ADB5-28F5F93845E3}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{EDC5029A-4AE8-4EDA-B378-9A22C3FE32BC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{05785A86-9D50-4C05-B05F-B860E40A041B}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"UDP Query User{091C84D1-0A74-4E90-8F14-A156421564BB}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe | 
"UDP Query User{20C8FF66-10A3-43BE-BF64-FAD5DD4A4660}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"UDP Query User{287C93FF-3F65-4C4E-B5DF-6A6551FECA9A}C:\program files (x86)\wifiamp\wifiamp server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wifiamp\wifiamp server.exe | 
"UDP Query User{3D9904F1-298E-407D-970D-A0215EE55D38}G:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\tmf\server\maniaplanetserver.exe | 
"UDP Query User{3FE1FFA1-E70E-4316-9A5A-42883FD0424D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{6950DE41-DA64-49D1-971F-85994CFDE4FC}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{7399C382-FE80-460B-9917-C84DAB182BCB}G:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"UDP Query User{861EA591-C3CB-4BEE-AA1E-F4EB433BF455}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{893E07C7-46B4-4FDB-985B-9A3316BD8BC5}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"UDP Query User{B266F40C-36E2-4D30-A3A4-6DAFCA1BC764}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"UDP Query User{BE103C6A-73D2-4F0D-A0C6-5BBACB09A1E2}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"UDP Query User{D12296F4-B3E6-4D9C-A203-115D948AEBFC}G:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\usbtmfserver_v2.9beta2\webserver\mysql\bin\mysqld-nt.exe | 
"UDP Query User{D9AC2076-D272-4753-99AB-49A58925BBAD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{DA5BC5EE-CF94-4F78-8923-EECAE9FFF751}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{DB5AD1A4-B908-477B-A802-022155515030}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"UDP Query User{EF93FB3C-C2AE-4590-BA20-1FA947672763}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{EFADE744-6BC1-4EFD-B454-83CBFF7B2BD4}D:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=d:\users\fabio\downloads\usbtmfserver_v2.9beta2\usbtmfserver_v2.9beta2\webserver\apache2\bin\httpd.exe | 
"UDP Query User{F46D154F-3E7E-43CB-8AED-8AF47574885C}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"RealVNC_is1" = VNC Server 5.0.5
"RealVNCViewer_is1" = VNC Viewer 5.0.5
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1195C431-C98F-495C-B609-3390515FA22E}_is1" = WifiAmp Version 2.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2D6AE055-FC94-4E0F-9EB1-5250B850B707}" = ZERO-G
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50B55DD-1015-401C-95D0-58175473F174}" = MSI PLC Utility
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.9
"xampp" = XAMPP 1.8.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mediencenter" = Mediencenter 3.6.0.1202
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2013 21:07:52 | Computer Name = Fabio-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_169.exe,
 Version: 11.7.700.169, Zeitstempel: 0x5155fb9a  Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_169.exe,
 Version: 11.7.700.169, Zeitstempel: 0x5155fb9a  Ausnahmecode: 0x40000015  Fehleroffset:
 0x00017930  ID des fehlerhaften Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung:
 0x01ce42bd0c2887c0  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
Berichtskennung:
 e25962dc-aed6-11e2-9925-880201d22c15
 
Error - 27.04.2013 07:02:29 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.04.2013 07:02:33 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Last.fm\ext_messengernotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.04.2013 07:02:33 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Last.fm\ext_skypenotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.04.2013 07:04:10 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "d:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 26.04.2013 12:49:50 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.04.2013 12:54:32 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.04.2013 13:00:25 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.04.2013 06:15:23 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst nvsvc erreicht.
 
 
< End of report >

zoek-results

Code:

ATTFilter

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Fabio on 27.04.2013 at 13:09:23,91.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

Deleted from C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://go.microsoft.com/fwlink/?LinkId=69157");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- Tab Utilities - %ProfilePath%\extensions\tabutils@ithinc.cn.xpi
- Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default
F7E72D3A281F922BACEC1A71A826D4C2	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -	Shockwave Flash
D4BD9F86123C87ECA570418B69326F99	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
5CFAE4C01C044DCC77771E46E2B3544A	- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll -	PDF-XChange Viewer
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07.03.2013 01:29]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Fabio\AppData\Local\Mozilla\Firefox\Profiles\kk4m4oj0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Fabio\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

Fehler besteht weiterhin

M-K-D-B · 30.04.2013, 09:50

Servus,

seit wann (Datum!) genau besteht dieses Problem?
Tritt das Problem nur in Firefox auf?

Es gibt neue Versionen von AdwCleaner und JRT. Wir versuchen es u. a. damit.

Schritt 1

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Deinstallation.
Bestätige mit Ja.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Lösche die vorhandene JRT von deinem Desktop. Wir nehmen eine neue Version:

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 5
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*ligatus*

:folderfind
*ligatus*

:regfind
ligatus
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Beantwortung der gestellten Fragen,
die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von OTL,
die Logdatei von SystemLook.

aloukat · 30.04.2013, 15:21

SystemLook:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 15:28 on 30/04/2013 by Fabio
Administrator - Elevation successful

========== filefind ==========

Searching for "*ligatus*"
No files found.

========== folderfind ==========

Searching for "*ligatus*"
No folders found.

========== regfind ==========

Searching for "ligatus"
No data found.

-= EOF =-

ADW Cleaner:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 30/04/2013 um 15:08:23 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Fabio - Fabio-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Fabio\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\SocialBit

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\prefs.js

C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\kk4m4oj0.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1247 octets] - [26/04/2013 16:35:06]
AdwCleaner[S2].txt - [931 octets] - [30/04/2013 15:08:23]

########## EOF - C:\AdwCleaner[S2].txt - [990 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Professional x64
Ran by Fabio on 30.04.2013 at 15:14:46,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\kk4m4oj0.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.04.2013 at 15:19:32,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL:

Code:

ATTFilter

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fabio
->Temp folder emptied: 34474083 bytes
->Temporary Internet Files folder emptied: 6112448 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8903107 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2738 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 610000590 bytes
 
Total Files Cleaned = 629,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_152336

Files\Folders moved on Reboot...
C:\Users\Fabio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Das Problem besteht seit dem 23/24.04.13 habe erst noch versucht mit Avast & Co es los zu werden aber hat leider nicht geholfen.

Besteht die möglichkeit das es an einer website liegt? Mir ist aufgefallen das wenn ich nur mit diesem einen tab arbeite (die anderen Tabs nicht geladen, also im background) das problem nicht so häufig auftritt. Wenn ich aber mehrere tabs aktiv geladen habees öfters auftritt. Allerdings sind die anderen tabs alles Vertrauenswürdige, wie Vereinsseiten, Seiten von Ligen, für meinen server, Community seinte, Bank.

M-K-D-B · 30.04.2013, 16:42

Servus,

Zitat:

Zitat von aloukat

Besteht die möglichkeit das es an einer website liegt? Mir ist aufgefallen das wenn ich nur mit diesem einen tab arbeite (die anderen Tabs nicht geladen, also im background) das problem nicht so häufig auftritt. Wenn ich aber mehrere tabs aktiv geladen habees öfters auftritt. Allerdings sind die anderen tabs alles Vertrauenswürdige, wie Vereinsseiten, Seiten von Ligen, für meinen server, Community seinte, Bank.

Es könnte schon sein, dass es an einer Website liegt.... hmm.

Ich hab noch eine Idee:

Öffne Firefox.
Gib in die Adressleiste about:config ein und drücke Enter
Bestätige die Sicherheitsabfrage mit Ich werde vorsichtig sein, versprochen!
Gib in die Suchleiste ligatus ein.
Werden dir dabei Einträge angezeigt?
Wenn ja, wie heißen diese Einträge (Einstellungsname/Status/Typ/Wert)?
Schließe Firefox wieder.

aloukat · 30.04.2013, 16:57

Hi,

also in der Config ist kein eintrag mit ligatus zu finden.

Allerdings war er heute noch nicht da, zuletzt gestern.
Ich werde es jetzt mal weiter beobachten (da du scheinbar auch langsam am ende bist mit deinem Latein) wann genau das poppup auftaucht.

M-K-D-B · 30.04.2013, 17:01

Servus,

surfe ein wenig mit Firefox und gib mir morgen wieder Bescheid.
Sollte das Problem dann immer noch da sein, dann hab ich noch eine Idee.

aloukat · 01.05.2013, 22:28

Fehler besteht immernoch, gerade aufgetaucht. Allerdings beim Einstellen von Teamspeak.

M-K-D-B · 02.05.2013, 10:09

Zitat:

Zitat von aloukat

Fehler besteht immernoch, gerade aufgetaucht. Allerdings beim Einstellen von Teamspeak.

Beim Einstellen von Firefox ist ein Pop-up unter Firefox aufgesprungen?

Starte Firefox
Klicke auf Firefox > Hilfe > Informationen zur Fehlerbehebung
Klicke auf Firefox zurücksetzen
Klicke abschließend auf Fertigstellen
Bebilderte Anleitung

Berichte mir, ob danach das Pop-up immer noch kommt.

aloukat · 02.05.2013, 10:29

Beim Einstellen von Teamspeak (ein Voice Chat Tool) ist einfach FireFox in den Vordergrund "gesprungen" mit dem Popup als neuen Tab (als hätte ich auf einen Hyperlink geklickt, was aber definitiv nicht so war)

Soll ich FireFox trotzdem zurücksetzen?

M-K-D-B · 02.05.2013, 10:34

Zitat:

Zitat von aloukat

Soll ich FireFox trotzdem zurücksetzen?

Ja, mach mal bitte. Und poste anschließend eine neue Logdatei von OTL und berichte, wie Firefox so läuft.

aloukat · 02.05.2013, 16:26

Also fehler ist noch nicht aufgetreten, aber habe gerade ein anderes PC Problem, wo ich nicht mehr weiter weiß. Und zwar ist mein Internet seit heute total Lahm. Nach etlichen Speed test, kriege ich im moment maximal nen Download von 200KB/s, (zwischendurch auch 0,0kb/s oder 0,5kb/s) statt 14.000kb/s. Bei allen anderen in der Familie läuft alles ganz normal, mit vollen 15.000kb/s.
Kann es sein das was auch immer ich mir eingefangen habe meine Internet leitung erheblich blockiert?

Code:

ATTFilter

OTL logfile created on: 02.05.2013 17:08:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Fabio\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,67% Memory free
8,00 Gb Paging File | 5,80 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 295,69 Gb Free Space | 73,92% Space Free | Partition Type: NTFS
Drive D: | 531,41 Gb Total Space | 230,17 Gb Free Space | 43,31% Space Free | Partition Type: NTFS
Drive E: | 3,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: Fabio-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (vncserver) -- C:\Programme\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Bigfoot Networks Killer Service) -- C:\Programme\Bigfoot Networks\Killer Network Manager\BFNService.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BFN7x64) -- C:\Windows\SysNative\drivers\Xeno7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (BfEdge7x64) -- C:\Windows\SysNative\drivers\Edge7x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 95 93 C8 DF 1C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.11 00:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 12:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.02 22:51:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 12:18:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.15 22:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2013.05.02 11:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\bpkjxz0n.default-1367487577688\extensions
[2013.05.02 11:52:13 | 000,104,361 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\bpkjxz0n.default-1367487577688\extensions\tabutils@ithinc.cn.xpi
[2013.05.02 11:40:29 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\bpkjxz0n.default-1367487577688\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.05.02 12:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.02 12:18:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.22 15:14:36 | 000,000,965 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youporn.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263943DD-DE6E-4994-98AC-11C32EE23874}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E8CED0-DE40-415E-8091-50C263AE7E0C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926A6B0C-7261-43C1-BF31-DF85B98F7A60}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8F8BD4F-F2F8-4C29-B8BF-9C94CDB3C96A}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0C5808-A2B0-4D2C-B200-0A8ACFC42349}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.06.14 03:40:45 | 000,000,145 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 12:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.02 11:39:43 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Alte Firefox-Daten
[2013.04.30 15:13:39 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT(1).exe
[2013.04.30 15:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.27 18:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.04.27 18:09:08 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\players
[2013.04.27 16:54:10 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.27 16:54:09 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.27 16:54:08 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.27 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.27 16:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013.04.27 13:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.04.27 13:13:20 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\Temp
[2013.04.27 13:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.26 18:49:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.26 18:19:00 | 005,059,946 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:43:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.26 17:42:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 17:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.26 17:16:24 | 002,347,384 | ---- | C] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 16:52:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.26 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.26 16:49:27 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:09 | 000,700,783 | R--- | C] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.23 13:17:13 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Updater
[2013.04.23 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.04.23 12:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.04.23 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.04.23 12:38:47 | 000,000,000 | ---D | C] -- C:\PS2
[2013.04.23 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\iConvert
[2013.04.23 03:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.23 03:50:44 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.04.23 03:39:37 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\fontconfig
[2013.04.23 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Local\gegl-0.2
[2013.04.23 03:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.23 03:18:55 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\Carskin
[2013.04.17 22:55:27 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Documents\Backup
[2013.04.17 22:28:53 | 000,000,000 | ---D | C] -- D:\Users\Fabio\Desktop\TM2
[2013.04.15 21:29:15 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.04.15 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.04.02 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 17:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 17:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 17:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 00:39:51 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2013.05.01 19:59:45 | 000,000,600 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
[2013.04.30 15:27:25 | 000,165,376 | ---- | M] () -- D:\Users\Fabio\Desktop\SystemLook_x64.exe
[2013.04.30 15:13:44 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- D:\Users\Fabio\Desktop\JRT(1).exe
[2013.04.30 15:07:00 | 000,628,743 | ---- | M] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.27 18:15:43 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.27 18:15:43 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.27 18:15:42 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini
[2013.04.27 16:54:04 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.27 16:54:04 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.27 13:09:20 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\OTL.exe
[2013.04.27 13:07:04 | 001,273,277 | ---- | M] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 23:40:13 | 000,082,344 | ---- | M] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.26 18:18:52 | 005,059,946 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\ComboFix.exe
[2013.04.26 17:16:26 | 002,347,384 | ---- | M] (ESET) -- D:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 16:49:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\Fabio\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.26 16:43:12 | 000,700,783 | R--- | M] (Swearware) -- D:\Users\Fabio\Desktop\dds+.exe
[2013.04.26 16:42:10 | 000,448,512 | ---- | M] (OldTimer Tools) -- D:\Users\Fabio\Desktop\TFC.exe
[2013.04.25 19:16:50 | 000,024,209 | ---- | M] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.25 01:37:16 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.24 23:56:50 | 000,077,592 | ---- | M] () -- C:\Windows\SysNative\ladfGSRCoinst_amd64.dll
[2013.04.24 22:15:27 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.24 19:51:10 | 000,461,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 13:39:35 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 13:35:15 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 13:35:14 | 000,040,960 | ---- | M] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.23 12:41:36 | 000,001,391 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.22 18:24:04 | 000,139,976 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.22 18:23:18 | 000,282,825 | ---- | M] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.22 15:14:36 | 000,000,965 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.22 15:14:36 | 000,000,964 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013.04.19 20:53:01 | 000,117,342 | ---- | M] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.15 16:20:04 | 000,000,132 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.04.11 23:51:19 | 001,460,661 | ---- | M] () -- D:\Users\Fabio\Desktop\Polo_Schwarz.jpg
[2013.04.05 23:58:27 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 23:58:27 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 23:58:27 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 23:58:27 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 23:58:27 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 01:10:59 | 000,001,362 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.30 15:27:24 | 000,165,376 | ---- | C] () -- D:\Users\Fabio\Desktop\SystemLook_x64.exe
[2013.04.30 15:06:54 | 000,628,743 | ---- | C] () -- D:\Users\Fabio\Desktop\adwcleaner.exe
[2013.04.27 18:15:43 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2013.04.27 18:15:43 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2013.04.27 18:15:42 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2013.04.27 16:54:04 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.27 16:54:04 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.27 16:54:04 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.27 13:13:20 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.04.27 13:06:48 | 001,273,277 | ---- | C] () -- D:\Users\Fabio\Desktop\zoek.exe
[2013.04.26 16:52:28 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.25 19:16:50 | 000,024,209 | ---- | C] () -- D:\Users\Fabio\Desktop\important_meeting.JPG
[2013.04.24 23:56:50 | 000,077,592 | ---- | C] () -- C:\Windows\SysNative\ladfGSRCoinst_amd64.dll
[2013.04.23 12:42:04 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.04.23 12:41:36 | 000,001,391 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.04.23 12:41:17 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.04.23 12:40:47 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.04.23 12:40:47 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.04.23 03:45:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.04.23 03:45:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.04.23 03:45:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.04.22 18:23:17 | 000,282,825 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink_2.JPG
[2013.04.21 22:43:37 | 000,139,976 | ---- | C] () -- D:\Users\Fabio\Desktop\manialink.JPG
[2013.04.21 21:14:56 | 000,082,344 | ---- | C] () -- D:\Users\Fabio\Documents\music.m3u
[2013.04.19 20:53:01 | 000,117,342 | ---- | C] () -- D:\Users\Fabio\Desktop\patrick_langeweile.JPG
[2013.04.03 01:10:59 | 000,001,362 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.29 19:05:02 | 000,180,148 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.02.10 20:22:30 | 000,000,132 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.02.09 22:24:50 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.09 17:04:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 17:04:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 17:04:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 17:04:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 17:04:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 12:01:13 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2013.01.26 11:51:06 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2012.11.09 00:30:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.11.01 01:40:51 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.01 01:40:49 | 003,233,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.01 01:40:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 00:01:09 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Local\PUTTY.RND
[2012.08.08 23:20:23 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\winscp.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.02 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Ashampoo
[2012.09.28 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Audacity
[2013.02.03 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Canon
[2013.05.02 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Dropbox
[2013.03.23 03:13:29 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\DVDVideoSoft
[2013.03.21 21:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\GHISLER
[2013.05.02 16:28:38 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\ICQ
[2013.02.10 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\iFunbox_UserCache
[2012.08.13 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\IrfanView
[2012.08.07 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Leadertech
[2012.08.09 20:27:22 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Notepad++
[2012.11.07 21:49:50 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Origin
[2012.11.21 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\ProtectDISC
[2013.04.22 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\redsn0w
[2012.11.09 00:47:52 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Softland
[2013.04.03 00:59:30 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TeamViewer
[2012.09.24 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Telekom
[2012.08.08 23:20:51 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Thunderbird
[2013.05.02 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TS3Client
[2012.09.25 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\TuneUp Software
[2012.11.01 01:32:15 | 000,000,000 | ---D | M] -- C:\Users\Fabio\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

30.04.2013, 17:01	#10
M-K-D-B /// TB-Ausbilder	e.ligatus.com 34088 Poppup Servus, surfe ein wenig mit Firefox und gib mir morgen wieder Bescheid. Sollte das Problem dann immer noch da sein, dann hab ich noch eine Idee.

e.ligatus.com 34088 Poppup

Log-Analyse und Auswertung: e.ligatus.com 34088 Poppup