| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google redirect Virus entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.06.2013, 19:14
| #1 |
| |  Google redirect Virus entfernen Hey Leute, ich habe mir vor einiger Zeit diesen Google redirect Virus eingefangen. Diesen möchte ich jetzt entfernen, bekomme es allerdings alleine nicht hin. Ich schreine gerade an meiner Abschlussarbeit und muss viel Internet recherche durchführen, wo dieser Virus sehr störend ist. So ich arbeite jetzt mal die to-do Liste ab um einen Anfang zu machen: Schritt 1: defogger ausgeführt, keine Fehler, kein Neustart des Computers Schritt 2: OTL: hier der Inhalt aus OTL.txt: eine zweite txt wurde leider nicht ausgeworfen Code:
ATTFilter OTL logfile created on: 07.06.2013 19:45:02 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADenkel\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 8,04 Gb Available Physical Memory | 66,99% Memory free
23,99 Gb Paging File | 19,64 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 736,10 Gb Total Space | 282,31 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,09 Gb Total Space | 22,19 Gb Free Space | 7,44% Space Free | Partition Type: NTFS
Drive K: | 14,92 Gb Total Space | 9,36 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive M: | 1863,01 Gb Total Space | 334,60 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
Computer Name: ADENKEL-PC | User Name: ADenkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ADenkel\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Windows\SysWOW64\sqlite3.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (mi-raysat_3dsmax2012_64) -- C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2011_64) -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (CLBUDF) -- C:\Windows\CLBUDF.tbl ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 A9 D3 40 51 66 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{02846768-E30E-42f0-95E3-2AF704DA8C8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4C3FDEAB-C42A-49F9-9931-92B65DDE177E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{7774EDFF-4D41-4613-AB97-D428D276D9CA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{DA533647-73C6-4d8c-B091-53D1555A5CA6}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: 5%40thumbpro.net:1.7
FF - prefs.js..extensions.enabledAddons: beamgeraet%40web.de:4.11.0.30
FF - prefs.js..extensions.enabledAddons: iweb2x%40sciweavers.org:1.0
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.12.22 23:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
[2012.05.30 15:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Extensions
[2013.06.07 17:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions
[2011.12.23 00:46:06 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2013.06.07 17:28:48 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ascsurfingprotection@iobit.com
[2012.09.22 20:57:56 | 000,000,000 | ---D | M] (Youtube Music Player) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\beamgeraet@web.de
[2013.06.07 16:10:56 | 000,000,000 | ---D | M] (Instair) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\contact@instair.net
[2013.04.11 00:29:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ich@maltegoetz.de
[2012.10.25 10:09:50 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\netvideohunter@netvideohunter.com
[2012.04.20 09:50:12 | 000,007,926 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\5@thumbpro.net.xpi
[2013.03.27 20:57:21 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.09.22 14:34:58 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\ciuvo-extension@icq.de.xpi
[2012.01.10 14:55:22 | 000,082,854 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\iweb2x@sciweavers.org.xpi
[2013.05.14 09:18:34 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\toolbar@gmx.net.xpi
[2012.04.20 09:53:42 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.03.27 20:24:01 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.12 17:18:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.14 09:18:37 | 000,002,418 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\englische-ergebnisse.xml
[2013.05.14 09:18:37 | 000,010,701 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\gmx-suche.xml
[2011.09.30 17:18:16 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-10.xml
[2011.10.03 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-11.xml
[2011.11.07 01:13:20 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-12.xml
[2011.11.10 23:40:42 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-13.xml
[2011.11.29 11:46:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-14.xml
[2011.12.21 12:02:41 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-15.xml
[2011.12.31 13:37:24 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-16.xml
[2012.01.07 12:22:30 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-17.xml
[2012.02.02 16:22:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-18.xml
[2012.02.14 20:51:59 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-19.xml
[2012.02.23 22:13:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-20.xml
[2012.03.25 21:08:48 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-21.xml
[2012.04.01 22:45:07 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-22.xml
[2012.04.25 15:28:38 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-23.xml
[2012.06.09 20:07:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-24.xml
[2012.06.19 23:26:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-25.xml
[2012.07.03 15:05:06 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-26.xml
[2012.07.18 20:14:49 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-27.xml
[2012.07.26 11:53:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-28.xml
[2012.09.23 10:26:34 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-29.xml
[2012.10.21 16:19:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-30.xml
[2012.10.30 18:20:43 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-31.xml
[2012.12.06 12:28:25 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-32.xml
[2013.01.12 01:02:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-33.xml
[2013.01.19 06:20:05 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-34.xml
[2013.02.06 13:05:01 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-35.xml
[2013.03.27 21:01:33 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-36.xml
[2013.04.22 21:28:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-37.xml
[2013.05.21 15:36:31 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-38.xml
[2011.06.24 11:58:36 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-4.xml
[2011.06.29 18:01:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-5.xml
[2011.08.18 10:03:04 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-6.xml
[2011.09.01 18:42:35 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-7.xml
[2011.09.12 21:17:19 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-8.xml
[2011.09.27 20:26:28 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-9.xml
[2013.05.14 09:18:37 | 000,002,432 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\lastminute.xml
[2013.05.14 09:18:37 | 000,005,682 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\webde-suche.xml
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.21 11:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012.06.06 22:06:58 | 000,001,366 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 c.icq.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [ICQ] C:\Users\ADenkel\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06836FBF-AD2C-46A7-8448-2BD13982C57A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ACA866-82B1-414E-8DE2-89218E617A77}: DhcpNameServer = 212.23.115.148 212.23.115.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B2F709-6893-4297-90FD-C11E5366ACE3}: DhcpNameServer = 212.23.115.148 212.23.97.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.13 03:17:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013.06.07 16:25:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.01.09 20:02:18 | 000,901,175 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.01.30 14:17:12 | 000,000,265 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{67c97d3b-c31a-11df-b8b1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67c97d3b-c31a-11df-b8b1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2003.01.09 20:02:18 | 000,901,175 | R--- | M] ()
O33 - MountPoints2\{67c97d3b-c31a-11df-b8b1-806e6f6e6963}\Shell\install\command - "" = D:\autorun.exe -- [2003.01.09 20:02:18 | 000,901,175 | R--- | M] ()
O33 - MountPoints2\{67c97d3c-c31a-11df-b8b1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67c97d3c-c31a-11df-b8b1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\viewer\viewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.07 17:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.06.07 17:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013.06.07 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Malwarebytes
[2013.06.07 17:03:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.07 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.07 16:50:54 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.07 16:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.07 16:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.07 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Documents\Razer
[2013.06.07 16:11:49 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Razer
[2013.06.07 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.06.07 16:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.06.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013.06.07 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.07 16:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013.06.07 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.06.07 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.06.07 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Instair
[2013.06.07 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks 2013 Hilfe
[2013.06.07 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2013
[2013.06.07 12:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks2013
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Creative
[2013.06.06 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.06.06 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Creative
[2013.06.06 11:32:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.06.06 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.06.06 11:31:54 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.06 11:31:51 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.06.06 11:31:51 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.06.06 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.06.06 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.06.06 11:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.06.03 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis Bilder
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterics3.3.1
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\asterics3.3.1
[2013.05.23 09:59:18 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.05.23 09:58:31 | 012,046,698 | ---- | C] (University Duisburg-Essen, Germany ) -- C:\Users\ADenkel\Desktop\setup.exe
[2013.05.21 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 16:11:47 | 000,000,000 | ---D | C] -- C:\Riot Games2
[2013.05.17 15:45:27 | 000,000,000 | ---D | C] -- C:\Hurengame
[2013.05.17 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\.swt
[2013.05.17 14:05:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.05.17 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.17 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.05.17 13:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.05.15 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis
[2013.05.14 17:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jungle Timer
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jungle Timer
[2013.05.14 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2013.05.14 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.12 16:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.11.15 18:15:36 | 269,767,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\X16-32786.exe
[7 C:\Users\ADenkel\Desktop\*.tmp files -> C:\Users\ADenkel\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.07 19:44:47 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 19:44:47 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 19:42:24 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.07 19:37:46 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 19:37:17 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\purmhje.job
[2013.06.07 19:37:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 19:37:04 | 1095,205,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 19:37:04 | 1072,205,822 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 19:21:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001UA.job
[2013.06.07 19:18:35 | 000,000,000 | ---- | M] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 18:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 17:28:46 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:45:30 | 000,000,296 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.07 16:25:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 16:09:36 | 007,149,164 | ---- | M] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | M] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 11:59:03 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.07 11:59:03 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.07 11:59:03 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.07 11:59:03 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.07 11:59:03 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 11:20:51 | 006,930,304 | ---- | M] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:39 | 001,925,686 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.07 08:57:44 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.06.06 22:21:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001Core.job
[2013.06.06 11:32:09 | 000,000,380 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:54 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.05 09:23:23 | 000,378,486 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:30 | 000,428,152 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:14:03 | 000,433,249 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.06.02 22:21:38 | 000,001,053 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.28 15:50:00 | 000,044,484 | ---- | M] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:24 | 001,620,990 | ---- | M] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.26 12:36:14 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2013.05.25 23:11:25 | 000,098,275 | ---- | M] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013.05.22 10:52:39 | 000,184,278 | ---- | M] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:23:13 | 061,385,895 | ---- | M] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[7 C:\Users\ADenkel\Desktop\*.tmp files -> C:\Users\ADenkel\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.07 19:18:35 | 000,000,000 | ---- | C] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 17:28:46 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:45:14 | 000,000,296 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.07 16:25:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 13:06:23 | 007,149,164 | ---- | C] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 12:05:41 | 2128,204,125 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part2.rar
[2013.06.07 12:04:14 | 3750,000,000 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part1.exe
[2013.06.07 11:56:21 | 1583,624,856 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl SP2 R1.zip
[2013.06.07 11:20:51 | 006,930,304 | ---- | C] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:47 | 001,925,686 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.06 11:31:58 | 000,032,173 | ---- | C] () -- C:\Windows\SysNative\UHSFatW.ini
[2013.06.06 11:31:58 | 000,012,044 | ---- | C] () -- C:\Windows\UHSAFX64.ssc
[2013.06.06 11:31:58 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini
[2013.06.06 11:31:58 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini
[2013.06.06 11:31:58 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2013.06.06 11:31:57 | 000,325,120 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.06.06 11:31:57 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.06.06 11:31:57 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.06.06 11:31:57 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.06.06 11:31:57 | 000,000,380 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.06.05 09:23:21 | 000,378,486 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:28 | 000,428,152 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:13:59 | 000,433,249 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.05.28 15:50:00 | 000,044,484 | ---- | C] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:07 | 001,620,990 | ---- | C] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.25 23:11:25 | 000,098,275 | ---- | C] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.05.23 09:58:31 | 000,007,977 | ---- | C] () -- C:\Users\ADenkel\Desktop\Readme.rtf
[2013.05.22 10:52:38 | 000,184,278 | ---- | C] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:22:36 | 061,385,895 | ---- | C] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.17 14:21:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.30 15:22:55 | 000,003,584 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 23:39:03 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2012.02.13 20:18:00 | 000,007,660 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Resmon.ResmonCfg
[2012.01.08 15:39:02 | 002,020,367 | ---- | C] () -- C:\Users\ADenkel\P1010812.JPG
[2012.01.08 15:39:02 | 001,977,572 | ---- | C] () -- C:\Users\ADenkel\P1010825.JPG
[2012.01.08 15:39:02 | 001,936,751 | ---- | C] () -- C:\Users\ADenkel\P1010818.JPG
[2012.01.08 15:39:02 | 001,909,361 | ---- | C] () -- C:\Users\ADenkel\P1010821.JPG
[2012.01.08 15:39:02 | 001,901,126 | ---- | C] () -- C:\Users\ADenkel\P1010824.JPG
[2012.01.08 15:39:02 | 001,900,824 | ---- | C] () -- C:\Users\ADenkel\P1010822.JPG
[2012.01.08 15:39:02 | 001,881,533 | ---- | C] () -- C:\Users\ADenkel\P1010811.JPG
[2012.01.08 15:39:02 | 001,866,815 | ---- | C] () -- C:\Users\ADenkel\P1010823.JPG
[2012.01.08 15:39:02 | 001,857,687 | ---- | C] () -- C:\Users\ADenkel\P1010819.JPG
[2012.01.08 15:39:02 | 001,840,688 | ---- | C] () -- C:\Users\ADenkel\P1010820.JPG
[2012.01.08 15:39:02 | 001,784,087 | ---- | C] () -- C:\Users\ADenkel\P1010817.JPG
[2012.01.08 15:39:02 | 001,780,794 | ---- | C] () -- C:\Users\ADenkel\P1010813.JPG
[2012.01.08 15:39:02 | 001,769,988 | ---- | C] () -- C:\Users\ADenkel\P1010810.JPG
[2012.01.08 15:39:02 | 001,659,218 | ---- | C] () -- C:\Users\ADenkel\P1010816.JPG
[2012.01.08 15:39:02 | 001,627,105 | ---- | C] () -- C:\Users\ADenkel\P1010815.JPG
[2012.01.08 15:39:02 | 001,311,765 | ---- | C] () -- C:\Users\ADenkel\P1010809.JPG
[2012.01.08 15:39:02 | 001,171,161 | ---- | C] () -- C:\Users\ADenkel\P1010805.JPG
[2012.01.08 15:39:02 | 001,134,570 | ---- | C] () -- C:\Users\ADenkel\P1010806.JPG
[2012.01.08 15:39:02 | 000,977,249 | ---- | C] () -- C:\Users\ADenkel\P1010814.JPG
[2012.01.08 15:39:02 | 000,862,410 | ---- | C] () -- C:\Users\ADenkel\P1010807.JPG
[2012.01.08 15:39:02 | 000,801,502 | ---- | C] () -- C:\Users\ADenkel\P1010808.JPG
[2012.01.01 23:16:35 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_16.xml
[2011.12.31 15:20:18 | 000,001,456 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.23 02:19:35 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 23:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.27 14:08:27 | 000,184,320 | RHS- | C] () -- C:\Windows\SysWow64\winvers.dll
[2011.06.22 11:57:28 | 000,155,627 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 8.pdf
[2011.06.22 11:57:28 | 000,099,739 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 10.pdf
[2011.06.22 11:57:28 | 000,095,350 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 9.pdf
[2011.06.22 11:57:28 | 000,076,879 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 7.pdf
[2010.11.23 14:50:14 | 002,957,563 | ---- | C] () -- C:\Users\ADenkel\preview_.mxi
[2010.11.23 14:50:14 | 000,162,202 | ---- | C] () -- C:\Users\ADenkel\preview_.png
[2010.10.27 19:48:03 | 000,000,132 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Adobe PNG Format CS5 Prefs
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.13 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Autodesk
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Canon
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD Label Designer
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD-LabelPrint
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.06.07 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Dropbox
[2011.12.23 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Duden
[2012.06.05 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\DVDVideoSoft
[2012.06.14 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ESRI
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2010.help.deu.C597E665C9D833B0F52B09434821DFAEF4904789.1
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2012.05.30 15:20:15 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreeFLVConverter
[2012.01.10 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreePDF
[2012.04.14 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\GetRightToGo
[2013.03.28 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ
[2013.01.04 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ-Profile
[2013.01.04 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQM
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Indigo Renderer
[2013.06.07 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.04.24 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Leadertech
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Local
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient
[2012.05.24 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient2
[2013.06.07 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\MAXON
[2013.01.05 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Mumble
[2011.12.23 00:46:07 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Nemetschek
[2012.01.17 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\PDF Writer
[2013.05.14 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SpeedSim
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SplitMediaLabs
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TeamViewer
[2011.12.23 00:46:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TS3Client
[2013.01.25 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ViperSettingsFolder
[2013.01.25 12:19:55 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\ViperUpdate AU
[2013.01.25 12:26:13 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
< End of report >
 Ich bedanke mich jetzt schon einmal für eure Unterstützung Mit freundlichen Grüßen Achim |
|
07.06.2013, 19:36
| #2 |
| /// the machine /// TB-Ausbilder    | Google redirect Virus entfernen Hi,
__________________Scan mit Combofix
__________________ |
|
08.06.2013, 09:21
| #3 |
| | Google redirect Virus entfernen Hier das Ergebnis des Combofix Scans:
__________________Code:
ATTFilter ComboFix 13-06-07.03 - ADenkel 08.06.2013 9:11.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.12286.9801 [GMT 2:00]
ausgeführt von:: c:\users\ADenkel\Desktop\ComboFix.exe
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx(2).ddr
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de(2).divx
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi(2).ddp
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi.ddp
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\video.avi(2).ddr
c:\users\ADenkel\AppData\Roaming\Local\Temp\DDM\Settings\video.avi.ddr
c:\users\ADenkel\Desktop\Setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-08 bis 2013-06-08 ))))))))))))))))))))))))))))))
.
.
2013-06-08 08:00 . 2013-06-08 08:00 -------- d-----w- c:\users\Sketchup\AppData\Local\temp
2013-06-08 08:00 . 2013-06-08 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 15:28 . 2013-06-07 15:28 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-06-07 15:03 . 2013-06-07 15:03 -------- d-----w- c:\users\ADenkel\AppData\Roaming\Malwarebytes
2013-06-07 15:03 . 2013-06-07 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-07 15:03 . 2013-06-07 15:03 -------- d-----w- c:\programdata\Malwarebytes
2013-06-07 15:03 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-07 14:51 . 2013-06-07 14:51 -------- d-----w- c:\windows\ERUNT
2013-06-07 14:50 . 2013-06-07 14:51 -------- d-----w- C:\JRT
2013-06-07 14:45 . 2013-06-07 14:45 296 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-07 14:24 . 2013-06-07 14:24 -------- d-----w- c:\program files\Enigma Software Group
2013-06-07 14:24 . 2013-06-07 14:43 -------- d-----w- c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-07 14:24 . 2013-06-07 14:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-07 14:11 . 2013-06-07 14:11 -------- d-----w- c:\users\ADenkel\AppData\Local\Razer
2013-06-07 14:11 . 2013-06-07 14:11 -------- d-----w- c:\programdata\Razer
2013-06-07 14:11 . 2013-06-07 14:11 -------- d-----w- c:\program files (x86)\Razer
2013-06-07 14:11 . 2013-06-07 15:29 -------- d-----w- c:\programdata\IObit
2013-06-07 14:10 . 2013-06-07 15:28 -------- d-----w- c:\users\ADenkel\AppData\Roaming\IObit
2013-06-07 14:10 . 2013-06-07 15:28 -------- d-----w- c:\program files (x86)\IObit
2013-06-07 14:10 . 2013-06-07 15:10 -------- d-----w- c:\program files\Instair
2013-06-07 10:32 . 2013-06-07 10:33 -------- d-----w- c:\program files (x86)\Vectorworks 2013 Hilfe
2013-06-07 10:26 . 2013-06-07 10:33 -------- d-----w- c:\program files (x86)\Vectorworks2013
2013-06-06 10:08 . 2013-06-06 10:08 -------- d-----w- c:\users\ADenkel\AppData\Roaming\Creative
2013-06-06 09:32 . 2013-06-06 10:08 -------- d-----w- c:\programdata\Creative
2013-06-06 09:32 . 2013-06-06 09:32 -------- d-----w- c:\users\ADenkel\AppData\Local\Creative
2013-06-06 09:32 . 2013-06-06 09:32 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2013-06-06 09:32 . 2013-06-06 09:32 -------- d-----w- c:\program files (x86)\Common Files\Creative
2013-06-06 09:30 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-06-06 09:30 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-06-06 09:30 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-06-06 09:30 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-06-06 09:30 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-06-06 09:30 . 2013-06-06 09:30 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-06-06 09:30 . 2013-06-06 09:30 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-05-23 17:56 . 2013-05-23 17:56 -------- d-----w- c:\program files (x86)\JoWooD
2013-05-23 07:59 . 2013-05-23 07:59 -------- d-----w- c:\program files (x86)\asterics3.3.1
2013-05-23 07:59 . 2013-05-23 07:59 -------- d-----w- c:\windows\Downloaded Installations
2013-05-17 14:11 . 2013-05-17 14:11 -------- d-----w- C:\Riot Games2
2013-05-17 13:45 . 2013-05-17 13:45 -------- d-----w- C:\Hurengame
2013-05-17 13:44 . 2013-05-17 13:44 -------- d-----w- c:\users\ADenkel\.swt
2013-05-17 12:37 . 2013-05-17 12:37 16948616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-17 12:05 . 2013-05-17 12:05 -------- d-----w- c:\windows\CheckSur
2013-05-17 11:49 . 2013-05-17 11:49 -------- d-----w- c:\programdata\ATI
2013-05-17 11:49 . 2013-05-17 11:49 -------- d-----w- c:\program files (x86)\AMD AVT
2013-05-14 15:23 . 2013-05-14 15:23 -------- d-----w- c:\programdata\Caphyon
2013-05-14 15:23 . 2013-05-14 15:24 -------- d-----w- c:\program files (x86)\Jungle Timer
2013-05-14 15:23 . 2013-05-14 15:23 -------- d-----w- c:\users\ADenkel\AppData\Roaming\SitenApp
2013-05-14 11:56 . 2013-05-14 11:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-12 14:19 . 2013-05-12 14:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-12 14:19 . 2013-05-12 14:19 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 12:56 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 12:37 . 2013-04-10 22:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 12:37 . 2012-02-01 13:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 01:00 . 2012-11-21 11:28 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-12 14:19 . 2012-06-14 08:08 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-12 14:19 . 2010-10-04 08:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-12 14:36 . 2013-04-24 09:58 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2011-09-08 16:52 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2012-06-11 16:25 112440 ----a-w- c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2011-11-10 02:11 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2011-09-08 16:51 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2011-09-08 17:32 1155264 ----a-w- c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2011-09-08 17:34 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2011-09-08 17:16 8272136 ----a-w- c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2011-11-10 03:06 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2011-09-08 17:08 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2011-09-08 17:05 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2012-06-11 16:51 5000320 ----a-w- c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2012-06-11 16:36 6985624 ----a-w- c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2012-06-11 18:29 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:10 . 2011-09-08 16:53 636416 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2012-06-11 16:26 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-19 06:19 . 2013-04-10 18:38 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:54 . 2013-04-10 18:38 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:06 . 2013-04-10 18:38 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 05:06 . 2013-04-10 18:38 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 04:53 . 2013-04-10 18:38 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:19 . 2013-04-10 18:38 112640 ----a-w- c:\windows\system32\smss.exe
2010-11-15 16:03 . 2010-11-15 16:15 269767576 ----a-w- c:\program files\X16-32786.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-25 07:15 50240 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\ADenkel\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-17 4284976]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-02 385024]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-28 75048]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-04-30 103720]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-10-19 36864]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2009-11-06 8619008]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-05-16 1488192]
.
c:\users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
Logitech . Produktregistrierung.lnk - c:\program files\Logitech Gaming Software\EReg\eReg.exe [2013-4-24 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2010-9-19 25214]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [x]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - German 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/18 21:24];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys;c:\windows\SYSNATIVE\drivers\DRHARD64.sys [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MSSQL$KS21DB;SQL Server (KS21DB);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 12:37]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-07 11:41]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-07 11:41]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001Core.job
- c:\users\ADenkel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:06]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001UA.job
- c:\users\ADenkel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\ADenkel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2013-06-07 17:28; ascsurfingprotection@iobit.com; c:\users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-06-07 18:10; contact@instair.net; c:\users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\extensions\contact@instair.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - ~c:\users\ADenkel\AppData\Roaming\ICQM\icq.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-vShare.tv plugin - c:\program files (x86)\vShare.tv plugin\uninst.exe
AddRemove-Membranes24 3D Viewer - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-08 10:18:12
ComboFix-quarantined-files.txt 2013-06-08 08:18
.
Vor Suchlauf: 26 Verzeichnis(se), 346.520.297.472 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 347.574.317.056 Bytes frei
.
- - End Of File - - D0142FC9E5E435052B6B5B958D85A6F7
|
|
08.06.2013, 09:22
| #4 |
| /// the machine /// TB-Ausbilder | Google redirect Virus entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 13:25
| #5 |
| | Google redirect Virus entfernen So hier die nächsten Log Dateien: adwcleaner: Code:
ATTFilter # AdwCleaner v2.302 - Datei am 08/06/2013 um 12:53:06 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzer : ADenkel - ADENKEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ADenkel\Downloads\adwcleaner(1).exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Users\ADenkel\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\jetpack
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\ADenkel\AppData\Roaming\Mozilla\Firefox\Profiles\vfk58t0p.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [27747 octets] - [07/06/2013 16:44:57]
AdwCleaner[S2].txt - [1332 octets] - [08/06/2013 12:53:06]
########## EOF - C:\AdwCleaner[S2].txt - [1392 octets] ##########
Hier der log der junkware: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by ADenkel on 08.06.2013 at 13:36:13,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\Users\ADenkel\appdata\locallow\boost_interprocess"
~~~ FireFox
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Successfully deleted: [Folder] C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\jetpack
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2013 at 13:45:24,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und hier nochmal eine frische OTL: Code:
ATTFilter OTL logfile created on: 08.06.2013 14:12:27 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADenkel\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 8,74 Gb Available Physical Memory | 72,83% Memory free
23,99 Gb Paging File | 19,82 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 736,10 Gb Total Space | 323,67 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
Drive D: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 14,92 Gb Total Space | 9,36 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive M: | 1863,01 Gb Total Space | 334,60 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
Computer Name: ADENKEL-PC | User Name: ADenkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ADenkel\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Riot Games2\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games2\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Riot Games2\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Riot Games2\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Riot Games2\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (mi-raysat_3dsmax2012_64) -- C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2011_64) -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (CLBUDF) -- C:\Windows\CLBUDF.tbl ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 A9 D3 40 51 66 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{02846768-E30E-42f0-95E3-2AF704DA8C8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4C3FDEAB-C42A-49F9-9931-92B65DDE177E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{7774EDFF-4D41-4613-AB97-D428D276D9CA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{DA533647-73C6-4d8c-B091-53D1555A5CA6}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: 5%40thumbpro.net:1.7
FF - prefs.js..extensions.enabledAddons: beamgeraet%40web.de:4.11.0.30
FF - prefs.js..extensions.enabledAddons: iweb2x%40sciweavers.org:1.0
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.12.22 23:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
[2012.05.30 15:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Extensions
[2013.06.07 17:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions
[2011.12.23 00:46:06 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2013.06.07 17:28:48 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ascsurfingprotection@iobit.com
[2012.09.22 20:57:56 | 000,000,000 | ---D | M] (Youtube Music Player) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\beamgeraet@web.de
[2013.06.07 16:10:56 | 000,000,000 | ---D | M] (Instair) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\contact@instair.net
[2013.04.11 00:29:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ich@maltegoetz.de
[2012.10.25 10:09:50 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\netvideohunter@netvideohunter.com
[2012.04.20 09:50:12 | 000,007,926 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\5@thumbpro.net.xpi
[2013.03.27 20:57:21 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.09.22 14:34:58 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\ciuvo-extension@icq.de.xpi
[2012.01.10 14:55:22 | 000,082,854 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\iweb2x@sciweavers.org.xpi
[2013.05.14 09:18:34 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\toolbar@gmx.net.xpi
[2012.04.20 09:53:42 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.03.27 20:24:01 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.12 17:18:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.14 09:18:37 | 000,002,418 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\englische-ergebnisse.xml
[2013.05.14 09:18:37 | 000,010,701 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\gmx-suche.xml
[2011.09.30 17:18:16 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-10.xml
[2011.10.03 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-11.xml
[2011.11.07 01:13:20 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-12.xml
[2011.11.10 23:40:42 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-13.xml
[2011.11.29 11:46:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-14.xml
[2011.12.21 12:02:41 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-15.xml
[2011.12.31 13:37:24 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-16.xml
[2012.01.07 12:22:30 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-17.xml
[2012.02.02 16:22:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-18.xml
[2012.02.14 20:51:59 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-19.xml
[2012.02.23 22:13:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-20.xml
[2012.03.25 21:08:48 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-21.xml
[2012.04.01 22:45:07 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-22.xml
[2012.04.25 15:28:38 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-23.xml
[2012.06.09 20:07:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-24.xml
[2012.06.19 23:26:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-25.xml
[2012.07.03 15:05:06 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-26.xml
[2012.07.18 20:14:49 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-27.xml
[2012.07.26 11:53:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-28.xml
[2012.09.23 10:26:34 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-29.xml
[2012.10.21 16:19:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-30.xml
[2012.10.30 18:20:43 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-31.xml
[2012.12.06 12:28:25 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-32.xml
[2013.01.12 01:02:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-33.xml
[2013.01.19 06:20:05 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-34.xml
[2013.02.06 13:05:01 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-35.xml
[2013.03.27 21:01:33 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-36.xml
[2013.04.22 21:28:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-37.xml
[2013.05.21 15:36:31 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-38.xml
[2011.06.24 11:58:36 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-4.xml
[2011.06.29 18:01:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-5.xml
[2011.08.18 10:03:04 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-6.xml
[2011.09.01 18:42:35 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-7.xml
[2011.09.12 21:17:19 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-8.xml
[2011.09.27 20:26:28 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-9.xml
[2013.05.14 09:18:37 | 000,002,432 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\lastminute.xml
[2013.05.14 09:18:37 | 000,005,682 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\webde-suche.xml
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.21 11:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013.06.08 10:00:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06836FBF-AD2C-46A7-8448-2BD13982C57A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ACA866-82B1-414E-8DE2-89218E617A77}: DhcpNameServer = 212.23.115.148 212.23.115.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B2F709-6893-4297-90FD-C11E5366ACE3}: DhcpNameServer = 212.23.115.148 212.23.97.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.13 03:17:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013.06.07 16:25:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.01.09 20:02:18 | 000,901,175 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.01.30 14:17:12 | 000,000,265 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.08 12:55:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.08 10:18:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.08 09:10:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.08 09:10:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.08 09:10:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.08 09:08:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.08 09:08:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.08 09:07:54 | 005,078,746 | R--- | C] (Swearware) -- C:\Users\ADenkel\Desktop\ComboFix.exe
[2013.06.07 17:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.06.07 17:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013.06.07 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Malwarebytes
[2013.06.07 17:03:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.07 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.07 16:50:54 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.07 16:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.07 16:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.07 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Documents\Razer
[2013.06.07 16:11:49 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Razer
[2013.06.07 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.06.07 16:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.06.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013.06.07 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.07 16:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013.06.07 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.06.07 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.06.07 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Instair
[2013.06.07 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks 2013 Hilfe
[2013.06.07 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2013
[2013.06.07 12:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks2013
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Creative
[2013.06.06 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.06.06 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Creative
[2013.06.06 11:32:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.06.06 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.06.06 11:31:54 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.06 11:31:51 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.06.06 11:31:51 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.06.06 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.06.06 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.06.06 11:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.06.03 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis Bilder
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterics3.3.1
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\asterics3.3.1
[2013.05.23 09:59:18 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.05.21 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 16:11:47 | 000,000,000 | ---D | C] -- C:\Riot Games2
[2013.05.17 15:45:27 | 000,000,000 | ---D | C] -- C:\Hurengame
[2013.05.17 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\.swt
[2013.05.17 14:05:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.05.17 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.17 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.05.17 13:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.05.15 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis
[2013.05.14 17:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jungle Timer
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jungle Timer
[2013.05.14 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2013.05.14 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.12 16:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.11.15 18:15:36 | 269,767,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\X16-32786.exe
[7 C:\Users\ADenkel\Desktop\*.tmp files -> C:\Users\ADenkel\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.08 13:42:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 13:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 13:21:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001UA.job
[2013.06.08 13:02:21 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 13:02:21 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 12:55:24 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 12:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 12:54:46 | 1072,205,822 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 12:53:27 | 000,000,452 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.08 10:00:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.07 22:21:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001Core.job
[2013.06.07 20:48:31 | 005,078,746 | R--- | M] (Swearware) -- C:\Users\ADenkel\Desktop\ComboFix.exe
[2013.06.07 19:37:04 | 1095,205,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 19:18:35 | 000,000,000 | ---- | M] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 17:28:46 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:25:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 16:09:36 | 007,149,164 | ---- | M] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | M] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 11:59:03 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.07 11:59:03 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.07 11:59:03 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.07 11:59:03 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.07 11:59:03 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 11:20:51 | 006,930,304 | ---- | M] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:39 | 001,925,686 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.07 08:57:44 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.06.06 11:32:09 | 000,000,380 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:54 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.05 09:23:23 | 000,378,486 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:30 | 000,428,152 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:14:03 | 000,433,249 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.06.02 22:21:38 | 000,001,053 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.28 15:50:00 | 000,044,484 | ---- | M] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:24 | 001,620,990 | ---- | M] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.26 12:36:14 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2013.05.25 23:11:25 | 000,098,275 | ---- | M] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013.05.22 10:52:39 | 000,184,278 | ---- | M] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:23:13 | 061,385,895 | ---- | M] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[7 C:\Users\ADenkel\Desktop\*.tmp files -> C:\Users\ADenkel\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.08 09:10:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.08 09:10:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.08 09:10:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.08 09:10:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.08 09:10:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.07 19:18:35 | 000,000,000 | ---- | C] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 17:28:46 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:45:14 | 000,000,452 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.07 16:25:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 13:06:23 | 007,149,164 | ---- | C] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 12:05:41 | 2128,204,125 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part2.rar
[2013.06.07 12:04:14 | 3750,000,000 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part1.exe
[2013.06.07 11:56:21 | 1583,624,856 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl SP2 R1.zip
[2013.06.07 11:20:51 | 006,930,304 | ---- | C] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:47 | 001,925,686 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.06 11:31:58 | 000,032,173 | ---- | C] () -- C:\Windows\SysNative\UHSFatW.ini
[2013.06.06 11:31:58 | 000,012,044 | ---- | C] () -- C:\Windows\UHSAFX64.ssc
[2013.06.06 11:31:58 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini
[2013.06.06 11:31:58 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini
[2013.06.06 11:31:58 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2013.06.06 11:31:57 | 000,325,120 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.06.06 11:31:57 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.06.06 11:31:57 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.06.06 11:31:57 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.06.06 11:31:57 | 000,000,380 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.06.05 09:23:21 | 000,378,486 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:28 | 000,428,152 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:13:59 | 000,433,249 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.05.28 15:50:00 | 000,044,484 | ---- | C] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:07 | 001,620,990 | ---- | C] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.25 23:11:25 | 000,098,275 | ---- | C] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.05.23 09:58:31 | 000,007,977 | ---- | C] () -- C:\Users\ADenkel\Desktop\Readme.rtf
[2013.05.22 10:52:38 | 000,184,278 | ---- | C] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:22:36 | 061,385,895 | ---- | C] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.17 14:21:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.30 15:22:55 | 000,003,584 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 23:39:03 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2012.02.13 20:18:00 | 000,007,660 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Resmon.ResmonCfg
[2012.01.08 15:39:02 | 002,020,367 | ---- | C] () -- C:\Users\ADenkel\P1010812.JPG
[2012.01.08 15:39:02 | 001,977,572 | ---- | C] () -- C:\Users\ADenkel\P1010825.JPG
[2012.01.08 15:39:02 | 001,936,751 | ---- | C] () -- C:\Users\ADenkel\P1010818.JPG
[2012.01.08 15:39:02 | 001,909,361 | ---- | C] () -- C:\Users\ADenkel\P1010821.JPG
[2012.01.08 15:39:02 | 001,901,126 | ---- | C] () -- C:\Users\ADenkel\P1010824.JPG
[2012.01.08 15:39:02 | 001,900,824 | ---- | C] () -- C:\Users\ADenkel\P1010822.JPG
[2012.01.08 15:39:02 | 001,881,533 | ---- | C] () -- C:\Users\ADenkel\P1010811.JPG
[2012.01.08 15:39:02 | 001,866,815 | ---- | C] () -- C:\Users\ADenkel\P1010823.JPG
[2012.01.08 15:39:02 | 001,857,687 | ---- | C] () -- C:\Users\ADenkel\P1010819.JPG
[2012.01.08 15:39:02 | 001,840,688 | ---- | C] () -- C:\Users\ADenkel\P1010820.JPG
[2012.01.08 15:39:02 | 001,784,087 | ---- | C] () -- C:\Users\ADenkel\P1010817.JPG
[2012.01.08 15:39:02 | 001,780,794 | ---- | C] () -- C:\Users\ADenkel\P1010813.JPG
[2012.01.08 15:39:02 | 001,769,988 | ---- | C] () -- C:\Users\ADenkel\P1010810.JPG
[2012.01.08 15:39:02 | 001,659,218 | ---- | C] () -- C:\Users\ADenkel\P1010816.JPG
[2012.01.08 15:39:02 | 001,627,105 | ---- | C] () -- C:\Users\ADenkel\P1010815.JPG
[2012.01.08 15:39:02 | 001,311,765 | ---- | C] () -- C:\Users\ADenkel\P1010809.JPG
[2012.01.08 15:39:02 | 001,171,161 | ---- | C] () -- C:\Users\ADenkel\P1010805.JPG
[2012.01.08 15:39:02 | 001,134,570 | ---- | C] () -- C:\Users\ADenkel\P1010806.JPG
[2012.01.08 15:39:02 | 000,977,249 | ---- | C] () -- C:\Users\ADenkel\P1010814.JPG
[2012.01.08 15:39:02 | 000,862,410 | ---- | C] () -- C:\Users\ADenkel\P1010807.JPG
[2012.01.08 15:39:02 | 000,801,502 | ---- | C] () -- C:\Users\ADenkel\P1010808.JPG
[2012.01.01 23:16:35 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_16.xml
[2011.12.31 15:20:18 | 000,001,456 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.23 02:19:35 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 23:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.27 14:08:27 | 000,184,320 | RHS- | C] () -- C:\Windows\SysWow64\winvers.dll
[2011.06.22 11:57:28 | 000,155,627 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 8.pdf
[2011.06.22 11:57:28 | 000,099,739 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 10.pdf
[2011.06.22 11:57:28 | 000,095,350 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 9.pdf
[2011.06.22 11:57:28 | 000,076,879 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 7.pdf
[2010.11.23 14:50:14 | 002,957,563 | ---- | C] () -- C:\Users\ADenkel\preview_.mxi
[2010.11.23 14:50:14 | 000,162,202 | ---- | C] () -- C:\Users\ADenkel\preview_.png
[2010.10.27 19:48:03 | 000,000,132 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Adobe PNG Format CS5 Prefs
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.13 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Autodesk
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Canon
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD Label Designer
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD-LabelPrint
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.06.08 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Dropbox
[2011.12.23 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Duden
[2012.06.05 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\DVDVideoSoft
[2012.06.14 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ESRI
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2010.help.deu.C597E665C9D833B0F52B09434821DFAEF4904789.1
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2012.05.30 15:20:15 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreeFLVConverter
[2012.01.10 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreePDF
[2012.04.14 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\GetRightToGo
[2013.03.28 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ
[2013.01.04 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ-Profile
[2013.01.04 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQM
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Indigo Renderer
[2013.06.07 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.04.24 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Leadertech
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Local
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient
[2012.05.24 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient2
[2013.06.07 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\MAXON
[2013.01.05 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Mumble
[2011.12.23 00:46:07 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Nemetschek
[2012.01.17 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\PDF Writer
[2013.05.14 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SpeedSim
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SplitMediaLabs
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TeamViewer
[2011.12.23 00:46:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TS3Client
[2013.01.25 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ViperSettingsFolder
[2013.01.25 12:19:55 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\ViperUpdate AU
[2013.01.25 12:26:13 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
< End of report >
Achim |
|
08.06.2013, 16:20
| #6 |
| /// the machine /// TB-Ausbilder | Google redirect Virus entfernenFixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledAddons: 5%40thumbpro.net:1.7
FF - prefs.js..extensions.enabledAddons: beamgeraet%40web.de:4.11.0.30
FF - prefs.js..extensions.enabledAddons: iweb2x%40sciweavers.org:1.0
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
[7 C:\Users\ADenkel\Desktop\*.tmp files -> C:\Users\ADenkel\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
:Commands
[emptytemp]
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL log. Noch Probleme?
__________________ --> Google redirect Virus entfernen |
|
09.06.2013, 21:06
| #7 |
| | Google redirect Virus entfernen Also nach erstem ausprobieren ist der Google Virus weg  Hier die OTL txt: Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: 5%40thumbpro.net:1.7 removed from extensions.enabledAddons
Prefs.js: beamgeraet%40web.de:4.11.0.30 removed from extensions.enabledAddons
Prefs.js: iweb2x%40sciweavers.org:1.0 removed from extensions.enabledAddons
Prefs.js: netvideohunter%40netvideohunter.com:1.9.5 removed from extensions.enabledAddons
Prefs.js: youtube2mp3%40mondayx.de:1.2.3 removed from extensions.enabledAddons
Prefs.js: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0 removed from extensions.enabledAddons
Prefs.js: artur.dubovoy%40gmail.com:3.8.7 removed from extensions.enabledAddons
Prefs.js: ich%40maltegoetz.de:1.4.8 removed from extensions.enabledAddons
Prefs.js: toolbar%40gmx.net:2.6 removed from extensions.enabledAddons
Prefs.js: ascsurfingprotection%40iobit.com:1.0 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.4 removed from extensions.enabledItems
Prefs.js: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.4 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 removed from extensions.enabledItems
C:\Users\ADenkel\Desktop\~WRL0005.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL0039.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL0561.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL1223.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL1469.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL2954.tmp deleted successfully.
C:\Users\ADenkel\Desktop\~WRL3018.tmp deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla21.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla31.exe deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla32.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla33.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla34.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla36.dll deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseCustomCalla36.exe deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP\WiseData.ini deleted successfully.
C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\SysWow64\~.tmp deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: ADenkel
->Temp folder emptied: 1290055 bytes
->Temporary Internet Files folder emptied: 185244990 bytes
->Java cache emptied: 32609600 bytes
->FireFox cache emptied: 114668789 bytes
->Google Chrome cache emptied: 462726847 bytes
->Flash cache emptied: 192631 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sketchup
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57754 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10525352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36048618 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 804,00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 06092013_100002
Files\Folders moved on Reboot...
C:\Users\ADenkel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\Low\MSI\SkypeToolbars.msi moved successfully.
Registry entries deleted on Reboot...
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=28ca15ffb19fa740ab4c9ae478027014
# engine=14029
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-09 01:13:10
# local_time=2013-06-09 03:13:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3074 16777213 100 90 46193103 60627670 0 0
# compatibility_mode=5893 16776573 100 94 0 122413440 0 0
# scanned=572859
# found=12
# cleaned=0
# scan_time=18055
sh=5EB603FD88B3E6C321ADCA509C429B6B09899442 ft=1 fh=38df06839c580040 vn="a variant of Win32/Injector.KCP trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\03BCB5AE-2BC2-4F9C-BB94-57471517C6F7.data"
sh=90AD6892B1F53668CDBFF3307064DB318202084F ft=1 fh=39170fe183bfcb95 vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\32868C0D-3C56-4A7F-8078-C80E2C1603DA.data"
sh=C87F66DF38EF167A311F21DFA25726D9FEA0D301 ft=1 fh=1bf5ea34d431fdc6 vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\34B46A98-54F4-4F27-9314-E4887FFBFA3E.data"
sh=392015479DFFC777B9F2E023A8D93A09133137E8 ft=1 fh=9add3a4dd6569d5d vn="a variant of Win32/Kryptik.WLK trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\3BABB2D6-E677-40F2-BEAC-26AD5CACC57C.data"
sh=689ACBA4CAF85243961D79897AE2DF26C9CB1BB5 ft=1 fh=6e5d014544d60166 vn="a variant of Win32/Injector.MSQ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\50556A7D-8EFA-40F8-AD5E-839822E479FB.data"
sh=E61B61DB2CD584632185CDAA7E3A10A97BE6EED1 ft=1 fh=933b9aa06c848e3f vn="Win32/Delf.QMF trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\8D0AB9D2-6EA0-438B-838F-D187EA2F2A0B.data"
sh=777D565C270173A6862D4B2923301BD51D16EFBF ft=1 fh=7401c88746cbeb3f vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\A3435843-7264-4502-A608-885AB24E096C.data"
sh=689ACBA4CAF85243961D79897AE2DF26C9CB1BB5 ft=1 fh=6e5d014544d60166 vn="a variant of Win32/Injector.MSQ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\A528F12E-AA1B-41E2-947F-AC9D457C3C44.data"
sh=FD56A03299535267C5793844ABB23E711E856B7F ft=1 fh=2c5f4b427da014f9 vn="a variant of Win32/Adware.WinPump.P application" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\BADECD20-8209-48A7-BFE8-51B479D09E7D.data"
sh=C87F66DF38EF167A311F21DFA25726D9FEA0D301 ft=1 fh=1bf5ea34d431fdc6 vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\D7256E22-6645-4CB6-AE60-2527690037F4.data"
sh=10756B29D8F6A194D589551DAAA1D52CA7C6532F ft=1 fh=757a796bad8b4da5 vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\DA06DE07-3DC4-4248-B54F-2E435DF9A65A.data"
sh=25877E7D6D987FBB740760D62EAE49A5E2A9D1BD ft=1 fh=f76939fdfabae91d vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\F8CAC0B2-3A7F-46D9-A163-6EB54711B8C4.data"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=28ca15ffb19fa740ab4c9ae478027014
# engine=14029
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-09 01:13:10
# local_time=2013-06-09 03:13:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3074 16777213 100 90 46193103 60627670 0 0
# compatibility_mode=5893 16776573 100 94 0 122413440 0 0
# scanned=572859
# found=12
# cleaned=0
# scan_time=18055
sh=5EB603FD88B3E6C321ADCA509C429B6B09899442 ft=1 fh=38df06839c580040 vn="a variant of Win32/Injector.KCP trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\03BCB5AE-2BC2-4F9C-BB94-57471517C6F7.data"
sh=90AD6892B1F53668CDBFF3307064DB318202084F ft=1 fh=39170fe183bfcb95 vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\32868C0D-3C56-4A7F-8078-C80E2C1603DA.data"
sh=C87F66DF38EF167A311F21DFA25726D9FEA0D301 ft=1 fh=1bf5ea34d431fdc6 vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\34B46A98-54F4-4F27-9314-E4887FFBFA3E.data"
sh=392015479DFFC777B9F2E023A8D93A09133137E8 ft=1 fh=9add3a4dd6569d5d vn="a variant of Win32/Kryptik.WLK trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\3BABB2D6-E677-40F2-BEAC-26AD5CACC57C.data"
sh=689ACBA4CAF85243961D79897AE2DF26C9CB1BB5 ft=1 fh=6e5d014544d60166 vn="a variant of Win32/Injector.MSQ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\50556A7D-8EFA-40F8-AD5E-839822E479FB.data"
sh=E61B61DB2CD584632185CDAA7E3A10A97BE6EED1 ft=1 fh=933b9aa06c848e3f vn="Win32/Delf.QMF trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\8D0AB9D2-6EA0-438B-838F-D187EA2F2A0B.data"
sh=777D565C270173A6862D4B2923301BD51D16EFBF ft=1 fh=7401c88746cbeb3f vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\A3435843-7264-4502-A608-885AB24E096C.data"
sh=689ACBA4CAF85243961D79897AE2DF26C9CB1BB5 ft=1 fh=6e5d014544d60166 vn="a variant of Win32/Injector.MSQ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\A528F12E-AA1B-41E2-947F-AC9D457C3C44.data"
sh=FD56A03299535267C5793844ABB23E711E856B7F ft=1 fh=2c5f4b427da014f9 vn="a variant of Win32/Adware.WinPump.P application" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\BADECD20-8209-48A7-BFE8-51B479D09E7D.data"
sh=C87F66DF38EF167A311F21DFA25726D9FEA0D301 ft=1 fh=1bf5ea34d431fdc6 vn="a variant of Win32/Kryptik.XJG trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\D7256E22-6645-4CB6-AE60-2527690037F4.data"
sh=10756B29D8F6A194D589551DAAA1D52CA7C6532F ft=1 fh=757a796bad8b4da5 vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\DA06DE07-3DC4-4248-B54F-2E435DF9A65A.data"
sh=25877E7D6D987FBB740760D62EAE49A5E2A9D1BD ft=1 fh=f76939fdfabae91d vn="a variant of Win32/Kryptik.XUJ trojan" ac=I fn="C:\$WINDOWS.~Q\DATA\Program Files\COMODO\COMODO Internet Security\Quarantine\F8CAC0B2-3A7F-46D9-A163-6EB54711B8C4.data"
Code:
ATTFilter OTL logfile created on: 09.06.2013 22:07:36 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADenkel\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 8,17 Gb Available Physical Memory | 68,09% Memory free
23,99 Gb Paging File | 19,63 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 736,10 Gb Total Space | 319,48 Gb Free Space | 43,40% Space Free | Partition Type: NTFS
Drive D: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 1863,01 Gb Total Space | 334,60 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
Computer Name: ADENKEL-PC | User Name: ADenkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ADenkel\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Riot Games2\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games2\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Riot Games2\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Riot Games2\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Riot Games2\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (mi-raysat_3dsmax2012_64) -- C:\Programme\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2011_64) -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (CLBUDF) -- C:\Windows\CLBUDF.tbl ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 A9 D3 40 51 66 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{02846768-E30E-42f0-95E3-2AF704DA8C8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4C3FDEAB-C42A-49F9-9931-92B65DDE177E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{7774EDFF-4D41-4613-AB97-D428D276D9CA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{DA533647-73C6-4d8c-B091-53D1555A5CA6}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ADenkel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.12.22 23:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.23 00:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.21 11:30:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.07 16:45:19 | 000,000,000 | ---D | M]
[2012.05.30 15:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Extensions
[2013.06.07 17:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions
[2011.12.23 00:46:06 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2013.06.07 17:28:48 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ascsurfingprotection@iobit.com
[2012.09.22 20:57:56 | 000,000,000 | ---D | M] (Youtube Music Player) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\beamgeraet@web.de
[2013.06.07 16:10:56 | 000,000,000 | ---D | M] (Instair) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\contact@instair.net
[2013.04.11 00:29:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\ich@maltegoetz.de
[2012.10.25 10:09:50 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\ADenkel\AppData\Roaming\mozilla\Firefox\Profiles\vfk58t0p.default\extensions\netvideohunter@netvideohunter.com
[2012.04.20 09:50:12 | 000,007,926 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\5@thumbpro.net.xpi
[2013.03.27 20:57:21 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.09.22 14:34:58 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\ciuvo-extension@icq.de.xpi
[2012.01.10 14:55:22 | 000,082,854 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\iweb2x@sciweavers.org.xpi
[2013.05.14 09:18:34 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\toolbar@gmx.net.xpi
[2012.04.20 09:53:42 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.03.27 20:24:01 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.12 17:18:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.09 10:07:33 | 000,001,050 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\11-suche.xml
[2013.05.14 09:18:37 | 000,002,418 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\englische-ergebnisse.xml
[2013.05.14 09:18:37 | 000,010,701 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\gmx-suche.xml
[2011.09.30 17:18:16 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-10.xml
[2011.10.03 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-11.xml
[2011.11.07 01:13:20 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-12.xml
[2011.11.10 23:40:42 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-13.xml
[2011.11.29 11:46:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-14.xml
[2011.12.21 12:02:41 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-15.xml
[2011.12.31 13:37:24 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-16.xml
[2012.01.07 12:22:30 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-17.xml
[2012.02.02 16:22:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-18.xml
[2012.02.14 20:51:59 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-19.xml
[2012.02.23 22:13:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-20.xml
[2012.03.25 21:08:48 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-21.xml
[2012.04.01 22:45:07 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-22.xml
[2012.04.25 15:28:38 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-23.xml
[2012.06.09 20:07:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-24.xml
[2012.06.19 23:26:27 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-25.xml
[2012.07.03 15:05:06 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-26.xml
[2012.07.18 20:14:49 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-27.xml
[2012.07.26 11:53:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-28.xml
[2012.09.23 10:26:34 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-29.xml
[2012.10.21 16:19:45 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-30.xml
[2012.10.30 18:20:43 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-31.xml
[2012.12.06 12:28:25 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-32.xml
[2013.01.12 01:02:23 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-33.xml
[2013.01.19 06:20:05 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-34.xml
[2013.02.06 13:05:01 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-35.xml
[2013.03.27 21:01:33 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-36.xml
[2013.04.22 21:28:09 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-37.xml
[2013.05.21 15:36:31 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-38.xml
[2011.06.24 11:58:36 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-4.xml
[2011.06.29 18:01:32 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-5.xml
[2011.08.18 10:03:04 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-6.xml
[2011.09.01 18:42:35 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-7.xml
[2011.09.12 21:17:19 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-8.xml
[2011.09.27 20:26:28 | 000,000,950 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\icqplugin-9.xml
[2013.05.14 09:18:37 | 000,002,432 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\lastminute.xml
[2013.05.14 09:18:37 | 000,005,682 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\mozilla\firefox\profiles\vfk58t0p.default\searchplugins\webde-suche.xml
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.21 11:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 11:30:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\ADenkel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013.06.08 10:00:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\ADenkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ADenkel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06836FBF-AD2C-46A7-8448-2BD13982C57A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ACA866-82B1-414E-8DE2-89218E617A77}: DhcpNameServer = 212.23.115.148 212.23.115.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B2F709-6893-4297-90FD-C11E5366ACE3}: DhcpNameServer = 212.23.115.148 212.23.97.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.13 03:17:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013.06.07 16:25:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.01.09 20:02:18 | 000,901,175 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.01.30 14:17:12 | 000,000,265 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.09 10:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.09 10:00:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.08 12:55:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.08 10:18:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.08 09:10:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.08 09:10:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.08 09:10:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.08 09:08:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.08 09:08:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.08 09:07:54 | 005,078,746 | R--- | C] (Swearware) -- C:\Users\ADenkel\Desktop\ComboFix.exe
[2013.06.07 17:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013.06.07 17:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013.06.07 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Malwarebytes
[2013.06.07 17:03:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.07 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.07 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.07 16:50:54 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.07 16:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.07 16:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.07 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Documents\Razer
[2013.06.07 16:11:49 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Razer
[2013.06.07 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.06.07 16:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.06.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013.06.07 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.07 16:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013.06.07 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.06.07 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.06.07 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Instair
[2013.06.07 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks 2013 Hilfe
[2013.06.07 12:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks2013
[2013.06.07 12:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks2013
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Creative
[2013.06.06 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.06.06 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Local\Creative
[2013.06.06 11:32:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.06.06 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.06.06 11:31:54 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.06 11:31:51 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.06.06 11:31:51 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.06.06 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.06.06 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.06.06 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.06.06 11:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.06.03 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis Bilder
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.23 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asterics3.3.1
[2013.05.23 09:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\asterics3.3.1
[2013.05.23 09:59:18 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.05.21 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.17 16:11:47 | 000,000,000 | ---D | C] -- C:\Riot Games2
[2013.05.17 15:45:27 | 000,000,000 | ---D | C] -- C:\Hurengame
[2013.05.17 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\.swt
[2013.05.17 14:05:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.05.17 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.17 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.05.17 13:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.05.15 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\Desktop\Thesis
[2013.05.14 17:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jungle Timer
[2013.05.14 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jungle Timer
[2013.05.14 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2013.05.14 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.12 16:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.11.15 18:15:36 | 269,767,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\X16-32786.exe
========== Files - Modified Within 30 Days ==========
[2013.06.09 21:42:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 21:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 21:21:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001UA.job
[2013.06.09 20:13:41 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 20:13:41 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 20:06:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 20:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 20:06:06 | 839,464,650 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.09 20:06:04 | 1072,205,822 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 22:21:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1197398453-1074897144-2161959424-1001Core.job
[2013.06.08 12:53:27 | 000,000,452 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.08 10:00:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.07 20:48:31 | 005,078,746 | R--- | M] (Swearware) -- C:\Users\ADenkel\Desktop\ComboFix.exe
[2013.06.07 19:18:35 | 000,000,000 | ---- | M] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 17:28:46 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:25:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 16:09:36 | 007,149,164 | ---- | M] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | M] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 11:59:03 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.07 11:59:03 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.07 11:59:03 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.07 11:59:03 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.07 11:59:03 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 11:20:51 | 006,930,304 | ---- | M] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:39 | 001,925,686 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.07 08:57:44 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.06.06 11:32:09 | 000,000,380 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:54 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 11:31:54 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.05 09:23:23 | 000,378,486 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:30 | 000,428,152 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:14:03 | 000,433,249 | ---- | M] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.06.02 22:21:38 | 000,001,053 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.28 15:50:00 | 000,044,484 | ---- | M] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | M] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:24 | 001,620,990 | ---- | M] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.26 12:36:14 | 000,000,287 | ---- | M] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2013.05.25 23:11:25 | 000,098,275 | ---- | M] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | M] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013.05.22 10:52:39 | 000,184,278 | ---- | M] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | M] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:23:13 | 061,385,895 | ---- | M] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
========== Files Created - No Company Name ==========
[2013.06.08 09:10:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.08 09:10:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.08 09:10:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.08 09:10:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.08 09:10:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.07 19:18:35 | 000,000,000 | ---- | C] () -- C:\Users\ADenkel\defogger_reenable
[2013.06.07 17:28:46 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013.06.07 17:28:46 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.07 17:03:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.07 16:45:14 | 000,000,452 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.07 16:25:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.06.07 16:11:20 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.06.07 16:11:01 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013.06.07 13:06:23 | 007,149,164 | ---- | C] () -- C:\Users\ADenkel\Desktop\Ohne Titel1.vwx
[2013.06.07 12:34:32 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_18.xml
[2013.06.07 12:33:51 | 000,001,100 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks2013E.lnk
[2013.06.07 12:05:41 | 2128,204,125 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part2.rar
[2013.06.07 12:04:14 | 3750,000,000 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl.part1.exe
[2013.06.07 11:56:21 | 1583,624,856 | ---- | C] () -- C:\Users\ADenkel\Desktop\Vectorworks 2013 kompl SP2 R1.zip
[2013.06.07 11:20:51 | 006,930,304 | ---- | C] () -- C:\Users\ADenkel\Desktop\sdi_mapclient_8003420449195998216.pdf
[2013.06.07 11:11:47 | 001,925,686 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau1.pdf
[2013.06.06 11:31:58 | 000,032,173 | ---- | C] () -- C:\Windows\SysNative\UHSFatW.ini
[2013.06.06 11:31:58 | 000,012,044 | ---- | C] () -- C:\Windows\UHSAFX64.ssc
[2013.06.06 11:31:58 | 000,002,169 | ---- | C] () -- C:\Windows\FatWcfg.ini
[2013.06.06 11:31:58 | 000,000,388 | ---- | C] () -- C:\Windows\FatWMCcfg.ini
[2013.06.06 11:31:58 | 000,000,200 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2013.06.06 11:31:57 | 000,325,120 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.06.06 11:31:57 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.06.06 11:31:57 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.06.06 11:31:57 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.06.06 11:31:57 | 000,000,380 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.06.06 11:31:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.06.05 09:23:21 | 000,378,486 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1960.jpg
[2013.06.05 09:18:28 | 000,428,152 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1977.jpg
[2013.06.05 09:13:59 | 000,433,249 | ---- | C] () -- C:\Users\ADenkel\Desktop\IMG_1955.jpg
[2013.05.28 15:50:00 | 000,044,484 | ---- | C] () -- C:\Users\ADenkel\Desktop\944163_10151634351173633_1508828835_n.jpg
[2013.05.26 20:47:38 | 000,001,005 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.05.26 13:06:07 | 001,620,990 | ---- | C] () -- C:\Users\ADenkel\Desktop\Bewirtschaftungsplõne_gemõ¯_der_Europõischen_Wasserrahmenrichtlinie.bmp
[2013.05.25 23:11:25 | 000,098,275 | ---- | C] () -- C:\Users\ADenkel\Desktop\2,c=0,h=554.bild.jpeg
[2013.05.23 19:58:30 | 000,002,172 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition TL.lnk
[2013.05.23 19:58:30 | 000,002,151 | ---- | C] () -- C:\Users\ADenkel\Desktop\Die Gilde Gold-Edition.lnk
[2013.05.23 10:00:00 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Handbuch.lnk
[2013.05.23 10:00:00 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Asterics3.3.1 Update Neuerungen.lnk
[2013.05.23 10:00:00 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.05.23 10:00:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.05.23 09:58:31 | 000,007,977 | ---- | C] () -- C:\Users\ADenkel\Desktop\Readme.rtf
[2013.05.22 10:52:38 | 000,184,278 | ---- | C] () -- C:\Users\ADenkel\Desktop\Thesis_05.pdf
[2013.05.22 10:32:17 | 000,849,775 | ---- | C] () -- C:\Users\ADenkel\Desktop\Druckvorschau.pdf
[2013.05.21 21:22:36 | 061,385,895 | ---- | C] () -- C:\Users\ADenkel\Desktop\Weg des Kriegers Silver Samurai vs Wolverine im neuen Trailer News moviepilotde.mp4
[2013.05.17 16:13:19 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.05.17 14:21:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.09.28 04:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 04:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.30 15:22:55 | 000,003,584 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.02 23:39:03 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_17.xml
[2012.02.13 20:18:00 | 000,007,660 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Resmon.ResmonCfg
[2012.01.08 15:39:02 | 002,020,367 | ---- | C] () -- C:\Users\ADenkel\P1010812.JPG
[2012.01.08 15:39:02 | 001,977,572 | ---- | C] () -- C:\Users\ADenkel\P1010825.JPG
[2012.01.08 15:39:02 | 001,936,751 | ---- | C] () -- C:\Users\ADenkel\P1010818.JPG
[2012.01.08 15:39:02 | 001,909,361 | ---- | C] () -- C:\Users\ADenkel\P1010821.JPG
[2012.01.08 15:39:02 | 001,901,126 | ---- | C] () -- C:\Users\ADenkel\P1010824.JPG
[2012.01.08 15:39:02 | 001,900,824 | ---- | C] () -- C:\Users\ADenkel\P1010822.JPG
[2012.01.08 15:39:02 | 001,881,533 | ---- | C] () -- C:\Users\ADenkel\P1010811.JPG
[2012.01.08 15:39:02 | 001,866,815 | ---- | C] () -- C:\Users\ADenkel\P1010823.JPG
[2012.01.08 15:39:02 | 001,857,687 | ---- | C] () -- C:\Users\ADenkel\P1010819.JPG
[2012.01.08 15:39:02 | 001,840,688 | ---- | C] () -- C:\Users\ADenkel\P1010820.JPG
[2012.01.08 15:39:02 | 001,784,087 | ---- | C] () -- C:\Users\ADenkel\P1010817.JPG
[2012.01.08 15:39:02 | 001,780,794 | ---- | C] () -- C:\Users\ADenkel\P1010813.JPG
[2012.01.08 15:39:02 | 001,769,988 | ---- | C] () -- C:\Users\ADenkel\P1010810.JPG
[2012.01.08 15:39:02 | 001,659,218 | ---- | C] () -- C:\Users\ADenkel\P1010816.JPG
[2012.01.08 15:39:02 | 001,627,105 | ---- | C] () -- C:\Users\ADenkel\P1010815.JPG
[2012.01.08 15:39:02 | 001,311,765 | ---- | C] () -- C:\Users\ADenkel\P1010809.JPG
[2012.01.08 15:39:02 | 001,171,161 | ---- | C] () -- C:\Users\ADenkel\P1010805.JPG
[2012.01.08 15:39:02 | 001,134,570 | ---- | C] () -- C:\Users\ADenkel\P1010806.JPG
[2012.01.08 15:39:02 | 000,977,249 | ---- | C] () -- C:\Users\ADenkel\P1010814.JPG
[2012.01.08 15:39:02 | 000,862,410 | ---- | C] () -- C:\Users\ADenkel\P1010807.JPG
[2012.01.08 15:39:02 | 000,801,502 | ---- | C] () -- C:\Users\ADenkel\P1010808.JPG
[2012.01.01 23:16:35 | 000,000,287 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\VersionChecker_16.xml
[2011.12.31 15:20:18 | 000,001,456 | ---- | C] () -- C:\Users\ADenkel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.23 02:19:35 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 23:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.22 11:57:28 | 000,155,627 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 8.pdf
[2011.06.22 11:57:28 | 000,099,739 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 10.pdf
[2011.06.22 11:57:28 | 000,095,350 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 9.pdf
[2011.06.22 11:57:28 | 000,076,879 | ---- | C] () -- C:\Users\ADenkel\Existenzgründung 7.pdf
[2010.11.23 14:50:14 | 002,957,563 | ---- | C] () -- C:\Users\ADenkel\preview_.mxi
[2010.11.23 14:50:14 | 000,162,202 | ---- | C] () -- C:\Users\ADenkel\preview_.png
[2010.10.27 19:48:03 | 000,000,132 | ---- | C] () -- C:\Users\ADenkel\AppData\Roaming\Adobe PNG Format CS5 Prefs
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.13 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Autodesk
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Canon
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD Label Designer
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\CD-LabelPrint
[2011.12.23 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.06.09 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Dropbox
[2011.12.23 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Duden
[2012.06.05 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\DVDVideoSoft
[2012.06.14 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ESRI
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2010.help.deu.C597E665C9D833B0F52B09434821DFAEF4904789.1
[2011.12.23 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2012.05.30 15:20:15 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreeFLVConverter
[2012.01.10 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\FreePDF
[2012.04.14 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\GetRightToGo
[2013.03.28 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ
[2013.01.04 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQ-Profile
[2013.01.04 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ICQM
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Indigo Renderer
[2013.06.07 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\IObit
[2013.04.24 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Leadertech
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Local
[2011.12.23 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient
[2012.05.24 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\LolClient2
[2013.06.07 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\MAXON
[2013.01.05 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Mumble
[2011.12.23 00:46:07 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\Nemetschek
[2012.01.17 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\PDF Writer
[2013.05.14 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SitenApp
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SpeedSim
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\SplitMediaLabs
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.23 00:46:11 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TeamViewer
[2011.12.23 00:46:12 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\TS3Client
[2013.01.25 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\ADenkel\AppData\Roaming\ViperSettingsFolder
[2013.01.25 12:19:55 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\ViperUpdate AU
[2013.01.25 12:26:13 | 000,000,000 | -HSD | M] -- C:\Users\ADenkel\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
< End of report >
Ich bin dir jetzt schon unglaublich dankbar!!!  Grüße Achim Geändert von ADenkel (09.06.2013 um 21:15 Uhr) |
|
10.06.2013, 06:51
| #8 |
| /// the machine /// TB-Ausbilder | Google redirect Virus entfernen Fertig  Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.06.2013, 08:06
| #9 |
| | Google redirect Virus entfernen So ich habe alles abgearbeitet und ich denke das ich jetzt dank dir wieder problemlos am Computer arbeiten kann! Sind solche Programme wie TuneUp empfehlenswert oder soll ich davon lieber die Hände lassen? Nochmals vielen Dank für die Mühen und Hilfe! Ich werde das Board weiterempfehlen, wirklich eine super Sache hier =) Einen schönen Start in die Woche wünsche ich! beste Grüße Achim |
|
10.06.2013, 14:46
| #10 | |
| /// the machine /// TB-Ausbilder | Google redirect Virus entfernenZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Google redirect Virus entfernen |
| akamai, bho, bluescreen, bonjour, entfernen, flash player, gmx.net, installation, jungle, launch, league of legends, monitor.exe, mozilla, plug-in, realtek, redirect virus entfernen, security, spielen, virus, virus entfernen, win32/adware.winpump.p, win32/delf.qmf, win32/injector.kcp, win32/injector.msq, win32/kryptik.wlk, win32/kryptik.xjg, win32/kryptik.xuj, windows |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
