Pests of all kinds and how to fight them: Internet problems
Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
18.07.2013, 19:41 | #1
Internet problems

My problem is that my internet suddenly starts to lag (I notice it most in a video game); I have also noticed it while browsing YouTube. The video abruptly stops loading and my internet stops working even though it is still connected. Restarting the browser, reconnecting to the internet: none of this helps. I have to restart my computer to get my internet working again. Malwarebytes, AVG Internet Security 2012 and ESET found no viruses. I ran Defogger, but I get a message and the two options, Disable and Re-enable, and it says I should not click the button without instructions. Here are the log files from the others.

OTL Extras logfile created on: 18.07.2013 01:18:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nerges\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,27% Memory free
6,09 Gb Paging File | 5,11 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,19 Gb Total Space | 72,96 Gb Free Space | 50,95% Space Free | Partition Type: NTFS
Drive D: | 143,18 Gb Total Space | 142,94 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Computer Name: NERGES-PC | User Name: nerges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{7AD3376C-347E-46F5-B8E7-34E34E7C8BED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C345EEBC-50FB-4E36-9965-32EA6067F1A9}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{25B68D33-DC16-4FAA-9792-FEBA05B16F0E}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{26405D80-6958-48E4-BD95-4C7DD013A938}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{2DC1A03E-25E8-4F4C-8150-F7DA8FBA2C03}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{3AFC9E08-6390-4203-8D15-E888FDF1D9F2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{4A89A180-A54C-456F-A08A-304A931BD317}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EA4A5AD-80DB-4AB5-BAD9-871B25C86BE6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4FC54D97-FCDA-49F4-8938-590C801B3733}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{527EA250-0D2C-4B43-940D-43540029A14B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{57D77CBA-35E2-46E1-9B33-1B016C161D50}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{615CC4D0-9C69-407F-BE86-B763FE804F12}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{6295E311-1374-4FAF-BDDB-70DB7181FE60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{677AD9A6-D0C8-4C62-9E37-5C2086C59525}" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "{691532B1-5DA4-4DCA-B17D-18CC73EE8D90}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7109B2BB-D8EE-4572-AFA7-1CA289E5E770}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{7EE7EB38-A430-4F5B-9E1C-58B94BB7C8E0}" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe | "{8232C7CD-8FCA-4051-8F1B-51ED312E54FB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{82C36A05-1A6C-422B-A42A-D50542418EB6}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{99783AF5-3E2C-42BE-AB04-370992703A39}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{9A58B480-5D3A-4881-AA14-110E54A0B98A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9D7C6687-39AF-417D-8C90-8658152012F5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A329DD6C-1B73-44DD-A38B-44D8D654C753}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{AC90A4B9-F42C-49DD-BCD6-0ECD6D8098C3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B16658EB-6CC8-4D05-B226-90409D702E99}" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "{B17CE979-74F7-40F7-9AF1-9B09A738919C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B5996CC3-646F-4147-94F2-F53EC9673388}" = dir=in | app=c:\program files\common 
files\apple\apple application support\webkit2webprocess.exe | "{B651CA0E-75B2-4FC9-81A5-3A41C9A008D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C47EACBC-1927-4F72-A2B7-F3F03A44F327}" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | "{C480FF3F-8B21-40A6-9C5C-FE301710ADAE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{C5F18F0B-9AC6-4228-8C8A-C5A74680EDB5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C6D0A746-C67F-4725-9BE0-403037EFACD3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C7984296-D51A-43D7-BFBF-102D65A98638}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF2F0374-EFFB-4356-B6D8-B7385F8D65A1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D94CED39-6BE9-4662-831D-16773BB9DC3C}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{EE724978-99D2-4D26-ADC9-D6F12A8845B3}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{F49B8B07-0B90-4CAD-A3CE-49D8BB2F45C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F9F6E034-F184-4A64-920D-D46DA0751BFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FD7C5667-573B-49CA-BBBB-19063145A3AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "TCP Query 
User{25CF99EA-FC65-44D9-BA07-283B867A8DA2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{CF7F2FC0-F194-4F1F-92C9-C78AFB004D11}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{88F18374-6B7D-4487-A2E8-807F85F799AD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D6BE7F55-E5AF-46C4-8514-05B230069073}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2A05D5FF-6D89-48B6-A078-E197EB33711C}" = AVG 2012 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile 
Driver "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D8CD8BBE-81F6-49CB-84D2-A1E616875792}" = AVG 2012 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2012 "Avidemux 2.6" = Avidemux 2.6 (32-bit) "CCleaner" = CCleaner "cFosSpeed" = cFosSpeed v9.04 "DivX Setup" = DivX-Setup "DivX Subtitle Displayer_is1" = DivX Subtitle Displayer 5.00 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ESET Online Scanner" = ESET Online Scanner v3 "EZTitles IV_is1" = EZTitles Demo 4.1.21 "FormatFactory" = FormatFactory 3.0.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Studio_is1" = Free Studio version 5.1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Garena" = Garena 2010 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "LManager" = Launch Manager "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PFPortChecker" = PFPortChecker 1.0.39 "Pixum Fotobuch" = Pixum Fotobuch "SearchElf_1.2 Toolbar" = SearchElf 1.2 Toolbar "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.5 "Voipwise_is1" = Voipwise "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XfireXO Toolbar" = XfireXO Toolbar "Yahoo! Companion" = Yahoo! 
Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GameRanger" = GameRanger
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 17.07.2013 16:31:00 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.07.2013 16:47:18 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2013 18:17:43 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.07.2013 18:18:28 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2013 18:41:41 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.07.2013 18:45:45 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error encountered while reading event logs.

< End of report >

OTL logfile created on: 18.07.2013 01:18:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nerges\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,27% Memory free
6,09 Gb Paging File | 5,11 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,19 Gb Total Space | 72,96 Gb Free Space | 50,95% Space Free | Partition Type: NTFS
Drive D: | 143,18 Gb Total Space | 142,94 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Computer Name: NERGES-PC | User Name: nerges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.07.18 01:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nerges\Downloads\OTL.exe
PRC - [2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe
PRC - [2013.04.19 16:45:50 | 000,438,112 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\spd.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.27 17:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgfws.exe
PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.11.08 04:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.10.25 14:08:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.06.26 14:44:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.11 20:52:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.19 16:45:50 | 000,438,112 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) 
[Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.25 14:08:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.08.10 12:42:54 | 000,150,464 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.07.01 00:32:00 | 003,563,392 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2013.04.19 16:45:52 | 001,242,464 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV - [2013.04.11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.28 19:06:23 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EAGLENT.SYS -- (EagleNT)
DRV - [2012.12.10 04:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.11.08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.02 17:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012.03.02 17:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012.03.02 17:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012.03.02 17:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.04 07:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.06.10 12:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005.01.03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0610&m=e720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15183
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE387
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_deDE387&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Qyrx0_wfJ9i4vRTVYWnpmI6hCR0?q={searchTerms}
IE - HKCU\..\SearchScopes\{8D4DFA7A-C26D-4BD4-B09C-E9BA613B381D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE387
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\nerges\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.08 23:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.03.10 20:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.10 22:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 14:44:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}: C:\Users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} [2012.07.12 20:36:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 14:44:10 | 000,000,000 | ---D | M]

[2010.07.11 22:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\Extensions
[2013.07.17 01:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions
[2012.07.12 20:36:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.17 01:41:36 | 000,000,000 | ---D | M] (BrowseToolE0170 Community Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2013.05.11 00:19:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.15 01:41:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.12 18:50:15 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.12 20:36:58 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\engine@plasmoo.com
[2013.06.29 18:49:21 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\ich@maltegoetz.de
[2013.03.10 17:54:27 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\toolbar@stumbleupon.com
[2012.12.11 15:48:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 00:17:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.12 00:10:00 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.25 15:59:20 | 000,002,308 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\askcom.xml
[2010.10.03 16:04:11 | 000,000,873 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\plasmoo.xml
[2013.06.26 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.26 14:44:18 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.07.12 18:48:48 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_ptnrs=U3&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://www.ask.com/?l=dis&o=15183cr
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Ask Toolbar = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: StumbleUpon = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5796412E-4118-4D79-87A3-811A6F529221}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9996e7c2-1d00-11e0-ac05-00235a559376}\Shell - "" = AutoRun
O33 - MountPoints2\{9996e7c2-1d00-11e0-ac05-00235a559376}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.18 00:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.07.15 03:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2013.07.15 03:18:02 | 001,242,464 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2013.07.15 03:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2013.07.15 03:17:40 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Local\cFos
[2013.07.15 03:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2013.07.15 03:17:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\logs
[2013.07.14 01:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.14 01:10:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.04 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Roaming\FRITZ!
[2013.07.04 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Local\FRITZ!
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!DSL
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVM
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\1&1
[2013.07.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.26 14:57:53 | 000,000,000 | -HSD | C] -- C:\found.001
[2013.06.26 14:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.25 15:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.06.25 15:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.18 01:12:03 | 000,000,000 | ---- | M] () -- C:\Users\nerges\defogger_reenable
[2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe
[2013.07.18 00:51:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 00:46:49 | 000,673,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.18 00:46:49 | 000,633,712 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.18 00:46:49 | 000,145,482 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.18 00:46:49 | 000,119,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.18 00:40:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 00:40:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 00:40:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.07.18 00:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.18 00:40:08 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.18 00:39:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.17 20:46:42 | 127,383,447 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.07.17 12:46:03 | 000,396,422 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013.07.15 03:18:57 | 000,001,140 | ---- | M] () -- C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
[2013.07.15 03:18:05 | 000,001,224 | ---- | M] () -- C:\Users\nerges\Desktop\cFosSpeed Features.lnk
[2013.07.15 03:08:58 | 000,323,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.14 21:08:56 | 000,000,216 | ---- | M] () -- C:\Users\nerges\Documents\PWOOptions.ini
[2013.07.14 15:02:32 | 000,008,422 | ---- | M] () -- C:\Users\nerges\Documents\cc_20130714_150229.reg
[2013.07.14 01:10:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.13 15:09:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.13 15:09:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 20:40:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2013.06.27 19:45:55 | 000,016,918 | ---- | M] () -- C:\Users\nerges\Documents\Unbenannt 12.odt
[2013.06.26 14:16:56 | 000,014,824 | ---- | M] () -- C:\Users\nerges\Documents\Unbenannt 1.odt
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.18 01:12:03 | 000,000,000 | ---- | C] () -- C:\Users\nerges\defogger_reenable
[2013.07.18 01:10:31 | 000,050,477 | ---- | C] () -- C:\Users\nerges\Desktop\Defogger.exe
[2013.07.15 03:18:57 | 000,001,140 | ---- | C] () -- C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
[2013.07.15 03:18:05 | 000,001,224 | ---- | C] () -- C:\Users\nerges\Desktop\cFosSpeed Features.lnk
[2013.07.14 15:02:31 | 000,008,422 | ---- | C] () -- C:\Users\nerges\Documents\cc_20130714_150229.reg
[2013.07.14 01:10:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.04 20:40:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2013.06.27 19:45:52 | 000,016,918 | ---- | C] () -- C:\Users\nerges\Documents\Unbenannt 12.odt
[2013.03.19 15:39:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013.03.19 15:39:52 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.12.30 05:21:29 | 000,045,194 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\room_v3.dat
[2012.08.05 01:51:22 | 000,099,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.07.09 23:37:26 | 000,001,055 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.11 22:51:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.11 22:37:04 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.12.24 01:22:02 | 000,000,272 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\.backup.dm
[2011.10.10 18:33:12 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2011.09.04 22:54:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.03.23 15:33:47 | 000,000,120 | ---- | C] () -- C:\Users\nerges\AppData\Local\Xfuqetureto.dat
[2011.03.23 15:33:47 | 000,000,000 | ---- | C] () -- C:\Users\nerges\AppData\Local\Tzawewisu.bin
[2011.03.22 15:22:08 | 000,046,658 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\room.dat
[2010.10.08 20:11:01 | 000,000,552 | ---- | C] () -- C:\Users\nerges\AppData\Local\d3d8caps.dat
[2010.10.03 16:06:03 | 000,000,742 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\wklnhst.dat
[2010.09.18 21:57:48 | 000,000,000 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\chrtmp
[2010.09.18 21:57:30 | 000,236,358 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\MultiHack Metin2 V.1.4.rar
[2010.09.18 19:15:32 | 000,000,680 | ---- | C] () -- C:\Users\nerges\AppData\Local\d3d9caps.dat
[2010.07.15 19:24:18
| 000,041,984 | ---- | C] () -- C:\Users\nerges\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.08 17:52:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.15 02:04:00 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\AVG [2012.07.08 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\AVG2012 [2013.03.10 22:35:20 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\avidemux [2013.05.26 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Awesomium [2012.07.12 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Babylon [2012.07.12 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\BabylonToolbar [2011.01.11 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Bilder [2012.12.07 22:42:23 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Carbon [2013.07.17 01:44:14 
| 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\DVDVideoSoft [2011.07.26 20:23:03 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.16 16:46:33 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\EoN [2013.04.04 02:01:37 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Firefly Studios [2011.04.15 19:06:32 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Fotobuchexpress24 [2013.07.04 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\FRITZ! [2012.07.10 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\GameRanger [2010.10.11 12:07:32 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\InterVideo [2012.10.22 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\LolClient [2013.05.10 21:35:35 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\OpenOffice.org [2011.03.23 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Sysutils_Update [2010.10.03 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Template [2012.07.12 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\TuneUp Software [2012.12.29 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Unity [2013.04.10 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\uTorrent [2011.11.18 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Voipwise ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 111 bytes 
-> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC < End of report > GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-18 20:36:23 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\nerges\AppData\Local\Temp\uwdiqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x99050004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x990500D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9904FD76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9904FE1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9904FEBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9904FF56] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetTimerEx + 5F0 81AC9C14 8 Bytes [04, 00, 05, 99, D4, 00, 05, ...] {ADD AL, 0x0; ADD EAX, 0x500d499; CDQ } .text ntkrnlpa.exe!KeSetTimerEx + 624 81AC9C48 4 Bytes [76, FD, 04, 99] {JBE 0xffffffff; ADD AL, 0x99} .text ntkrnlpa.exe!KeSetTimerEx + 854 81AC9E78 8 Bytes [1E, FE, 04, 99, BA, FE, 04, ...] 
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81AC9ED8 4 Bytes [56, FF, 04, 99] {PUSH ESI; INC DWORD [ECX+EBX*4]} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 83CC95B0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6064b0b Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f6064b0b (not active ControlSet) Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
18.07.2013, 20:37 | #2 |
/// the machine /// TB-Ausbilder | Internet problems hi,
__________________Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
18.07.2013, 21:16 | #3 |
| Internet problems here are the files
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02 Ran by nerges (administrator) on 18-07-2013 22:12:29 Running from C:\Users\nerges\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe (cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe () C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2012\avgtray.exe (cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] MountPoints2: {9996e7c2-1d00-11e0-ac05-00235a559376} - F:\USBAutoRun.exe HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2008-08-29] () HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2008-08-29] () gr.exe [3872080 2010-04-16] (Microsoft Corporation) HKCU\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [328056 2010-10-08] (BitTorrent, Inc.) HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2010-06-04] (Google Inc.) 
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\Users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15183 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0610&m=e720 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726 SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6 SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=Qyrx0_wfJ9i4vRTVYWnpmI6hCR0?q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726 SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File BHO: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File Toolbar: HKLM - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -XfireXO Toolbar - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog5 09 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 35 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default FF user.js: detected! => C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\user.js FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\nerges\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\plasmoo.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Plasmoo Search Engine - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\engine@plasmoo.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\ich@maltegoetz.de FF Extension: StumbleUpon - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\toolbar@stumbleupon.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: BrowseToolE0170 Community Toolbar - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} FF Extension: Yahoo! 
Toolbar - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF Extension: DealPly - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web 
Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [{D7EBE077-16BF-49CE-95D5-4C0684E8807A}] C:\Users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} FF Extension: XULRunner - C:\Users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} Chrome: ======= CHR HomePage: hxxp://www.ask.com/?l=dis&o=15183cr CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=087c8a7000000000000000242b86f806", "hxxp://plasmoo.com" CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_ptnrs=U3&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6&apn_dtid=OSJ000YYDE&q={searchTerms} CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File CHR Plugin: (registryAccess) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\background/registryAccess.dll (APN) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (StumbleUpon) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-25] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [438112 2013-04-19] (cFos Software GmbH)
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [150464 2012-08-10] (Futuremark Corporation)
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google)
S4 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3563392 2010-07-01] (INCA Internet Co., Ltd.)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 StumbleUponUpdater; C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1242464 2013-04-19] (cFos Software GmbH)
R1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 EagleNT; C:\Windows\system32\drivers\EagleNT.sys [16976 2013-02-28] (AVG Technologies CZ, s.r.o. )
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 EraserUtilDrv11113; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]
U3 uwdiqpod; \??\C:\Users\nerges\AppData\Local\Temp\uwdiqpod.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-18 22:12 - 2013-07-18 22:12 - 00000000 ____D C:\FRST
2013-07-18 22:11 - 2013-07-18 22:11 - 01218860 _____ (Farbar) C:\Users\nerges\Downloads\FRST.exe
2013-07-18 20:36 - 2013-07-18 20:36 - 00010743 _____ C:\Users\nerges\Desktop\gmer.txt
2013-07-18 20:19 - 2013-07-18 20:19 - 00377856 _____ C:\Users\nerges\Downloads\gmer_2.1.19163.exe
2013-07-18 01:29 - 2013-07-18 01:29 - 00047480 _____ C:\Users\nerges\Downloads\Extras.Txt
2013-07-18 01:26 - 2013-07-18 01:26 - 00098198 _____ C:\Users\nerges\Downloads\OTL.Txt
2013-07-18 01:18 - 2013-07-18 01:18 - 00000693 _____ C:\Users\nerges\Documents\gtzhuj.txt
2013-07-18 01:12 - 2013-07-18 01:12 - 00000474 _____ C:\Users\nerges\Downloads\defogger_disable.log
2013-07-18 01:12 - 2013-07-18 01:12 - 00000000 _____ C:\Users\nerges\defogger_reenable
2013-07-18 01:10 - 2013-07-18 01:10 - 00602112 _____ (OldTimer Tools) C:\Users\nerges\Downloads\OTL.exe
2013-07-18 01:10 - 2013-07-18 01:10 - 00050477 _____ C:\Users\nerges\Desktop\Defogger.exe
2013-07-18 00:57 - 2013-07-18 00:57 - 00000000 ____D C:\Program Files\ESET
2013-07-18 00:56 - 2013-07-18 00:56 - 02347384 _____ (ESET) C:\Users\nerges\Downloads\esetsmartinstaller_deu.exe
2013-07-16 00:24 - 2013-07-16 00:24 - 00355150 _____ C:\Users\nerges\Downloads\hrping-v504.zip
2013-07-15 03:18 - 2013-07-15 03:18 - 00001224 _____ C:\Users\nerges\Desktop\cFosSpeed Features.lnk
2013-07-15 03:18 - 2013-07-15 03:18 - 00001140 _____ C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
2013-07-15 03:18 - 2013-07-15 03:18 - 00000000 ____D C:\Program Files\cFosSpeed
2013-07-15 03:18 - 2013-04-19 16:45 - 01242464 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys
2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\Users\nerges\AppData\Local\cFos
2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\ProgramData\cFos
2013-07-15 03:08 - 2013-07-15 03:08 - 00004518 _____ C:\Windows\PFRO.log
2013-07-15 02:50 - 2013-07-15 02:52 - 00000000 ____D C:\Users\nerges\Downloads\backups
2013-07-15 02:43 - 2013-07-18 01:05 - 00010546 _____ C:\Users\nerges\Downloads\hijackthis.log
2013-07-15 02:42 - 2013-07-15 02:42 - 04820216 _____ C:\Users\nerges\Downloads\cfosspeed-v904.exe
2013-07-15 02:42 - 2013-07-15 02:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\nerges\Downloads\HiJackThis204.exe
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setupact.log
2013-07-14 15:02 - 2013-07-14 15:02 - 00008422 _____ C:\Users\nerges\Documents\cc_20130714_150229.reg
2013-07-14 01:10 - 2013-07-14 01:10 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 01:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 01:09 - 2013-07-14 01:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\nerges\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-04 20:50 - 2013-07-04 20:51 - 00000000 ____D C:\Users\nerges\AppData\Roaming\FRITZ!
2013-07-04 20:50 - 2013-07-04 20:50 - 00000000 ____D C:\Users\nerges\AppData\Local\FRITZ!
2013-07-04 20:40 - 2013-07-04 20:40 - 00001812 _____ C:\Users\Public\Desktop\FRITZ!Box starter.lnk
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\AVM
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\1&1
2013-07-04 20:38 - 2013-07-04 20:39 - 15362864 _____ C:\Users\nerges\Downloads\FRITZBox_starter.exe
2013-06-27 19:45 - 2013-06-27 19:45 - 00016918 _____ C:\Users\nerges\Documents\Unbenannt 12.odt
2013-06-27 13:01 - 2013-06-27 13:02 - 00001143 _____ C:\Users\nerges\Desktop\Neues Textdokument (3).txt
2013-06-26 14:57 - 2013-06-26 14:57 - 00000000 __SHD C:\found.001
2013-06-26 14:44 - 2013-06-26 14:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 15:56 - 2013-06-25 15:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-25 15:56 - 2013-06-25 15:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-25 15:56 - 2013-06-25 15:56 - 00000000 ____D C:\ProgramData\Ask
2013-06-25 15:56 - 2013-06-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 15:54 - 2013-06-25 15:54 - 00903080 _____ (Oracle Corporation) C:\Users\nerges\Downloads\jxpiinstall.exe
2013-06-21 19:32 - 2013-06-21 19:32 - 00626688 _____ C:\Users\nerges\Downloads\Detection(1).msi
2013-06-21 13:23 - 2013-06-21 13:24 - 00000007 _____ C:\Users\nerges\Desktop\Neues Textdokument (2).txt
==================== One Month Modified Files and Folders =======
2013-07-18 22:12 - 2013-07-18 22:12 - 00000000 ____D C:\FRST
2013-07-18 22:11 - 2013-07-18 22:11 - 01218860 _____ (Farbar) C:\Users\nerges\Downloads\FRST.exe
2013-07-18 22:11 - 2008-01-21 09:16 - 01565124 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 22:11 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 22:11 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 21:51 - 2013-04-03 22:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 20:36 - 2013-07-18 20:36 - 00010743 _____ C:\Users\nerges\Desktop\gmer.txt
2013-07-18 20:36 - 2010-07-08 17:18 - 00000000 ___RD C:\Users\nerges\Desktop
2013-07-18 20:19 - 2013-07-18 20:19 - 00377856 _____ C:\Users\nerges\Downloads\gmer_2.1.19163.exe
2013-07-18 20:00 - 2010-07-08 17:17 - 01599555 _____ C:\Windows\WindowsUpdate.log
2013-07-18 19:59 - 2012-07-08 23:49 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-07-18 19:57 - 2013-05-27 13:47 - 00000000 ____D C:\Program Files\Steam
2013-07-18 19:56 - 2010-07-08 17:41 - 00000000 ____D C:\Users\nerges\Tracing
2013-07-18 19:55 - 2010-06-04 08:04 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-07-18 19:55 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 01:29 - 2013-07-18 01:29 - 00047480 _____ C:\Users\nerges\Downloads\Extras.Txt
2013-07-18 01:26 - 2013-07-18 01:26 - 00098198 _____ C:\Users\nerges\Downloads\OTL.Txt
2013-07-18 01:18 - 2013-07-18 01:18 - 00000693 _____ C:\Users\nerges\Documents\gtzhuj.txt
2013-07-18 01:12 - 2013-07-18 01:12 - 00000474 _____ C:\Users\nerges\Downloads\defogger_disable.log
2013-07-18 01:12 - 2013-07-18 01:12 - 00000000 _____ C:\Users\nerges\defogger_reenable
2013-07-18 01:12 - 2010-07-08 17:18 - 00000000 ____D C:\Users\nerges
2013-07-18 01:10 - 2013-07-18 01:10 - 00602112 _____ (OldTimer Tools) C:\Users\nerges\Downloads\OTL.exe
2013-07-18 01:10 - 2013-07-18 01:10 - 00050477 _____ C:\Users\nerges\Desktop\Defogger.exe
2013-07-18 01:05 - 2013-07-15 02:43 - 00010546 _____ C:\Users\nerges\Downloads\hijackthis.log
2013-07-18 00:57 - 2013-07-18 00:57 - 00000000 ____D C:\Program Files\ESET
2013-07-18 00:56 - 2013-07-18 00:56 - 02347384 _____ (ESET) C:\Users\nerges\Downloads\esetsmartinstaller_deu.exe
2013-07-18 00:39 - 2011-09-04 22:54 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-18 00:39 - 2006-11-02 15:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 22:24 - 2012-10-22 15:38 - 00000000 ____D C:\Users\nerges\AppData\Local\PMB Files
2013-07-17 22:24 - 2012-10-22 15:38 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 21:29 - 2010-07-08 17:50 - 00000000 ____D C:\Users\nerges\AppData\Roaming\Skype
2013-07-17 02:14 - 2012-07-23 02:34 - 00000000 ____D C:\Users\nerges\AppData\Local\CrashDumps
2013-07-17 01:44 - 2010-10-02 17:10 - 00000000 ____D C:\Users\nerges\AppData\Roaming\DVDVideoSoft
2013-07-17 01:44 - 2010-07-09 23:08 - 00000000 ____D C:\Users\nerges\Documents\DVDVideoSoft
2013-07-16 00:24 - 2013-07-16 00:24 - 00355150 _____ C:\Users\nerges\Downloads\hrping-v504.zip
2013-07-15 03:18 - 2013-07-15 03:18 - 00001224 _____ C:\Users\nerges\Desktop\cFosSpeed Features.lnk
2013-07-15 03:18 - 2013-07-15 03:18 - 00001140 _____ C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
2013-07-15 03:18 - 2013-07-15 03:18 - 00000000 ____D C:\Program Files\cFosSpeed
2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\Users\nerges\AppData\Local\cFos
2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\ProgramData\cFos
2013-07-15 03:08 - 2013-07-15 03:08 - 00004518 _____ C:\Windows\PFRO.log
2013-07-15 03:08 - 2006-11-02 14:47 - 00323960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-15 02:52 - 2013-07-15 02:50 - 00000000 ____D C:\Users\nerges\Downloads\backups
2013-07-15 02:44 - 2010-07-08 17:19 - 00077936 _____ C:\Users\nerges\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-15 02:42 - 2013-07-15 02:42 - 04820216 _____ C:\Users\nerges\Downloads\cfosspeed-v904.exe
2013-07-15 02:42 - 2013-07-15 02:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\nerges\Downloads\HiJackThis204.exe
2013-07-14 21:08 - 2010-09-16 15:41 - 00000216 _____ C:\Users\nerges\Documents\PWOOptions.ini
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setupact.log
2013-07-14 15:02 - 2013-07-14 15:02 - 00008422 _____ C:\Users\nerges\Documents\cc_20130714_150229.reg
2013-07-14 02:53 - 2013-04-04 01:51 - 00000000 ____D C:\Program Files\Firefly Studios
2013-07-14 02:53 - 2010-10-08 21:52 - 00000000 ____D C:\Program Files\Warcraft III
2013-07-14 02:53 - 2009-02-19 20:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-14 01:10 - 2013-07-14 01:10 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 01:10 - 2013-07-14 01:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\nerges\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-14 01:10 - 2011-03-23 15:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 01:10 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-13 15:09 - 2010-07-20 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 15:09 - 2010-07-08 17:43 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 15:09 - 2010-07-08 17:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 03:01 - 2009-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 17:41 - 2012-12-31 17:53 - 00002245 _____ C:\Users\nerges\Desktop\Neues Textdokument.txt
2013-07-06 23:37 - 2010-07-23 20:49 - 00000000 ____D C:\Windows\Minidump
2013-07-04 20:51 - 2013-07-04 20:50 - 00000000 ____D C:\Users\nerges\AppData\Roaming\FRITZ!
2013-07-04 20:50 - 2013-07-04 20:50 - 00000000 ____D C:\Users\nerges\AppData\Local\FRITZ!
2013-07-04 20:40 - 2013-07-04 20:40 - 00001812 _____ C:\Users\Public\Desktop\FRITZ!Box starter.lnk
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\AVM
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\1&1
2013-07-04 20:39 - 2013-07-04 20:38 - 15362864 _____ C:\Users\nerges\Downloads\FRITZBox_starter.exe
2013-06-27 19:45 - 2013-06-27 19:45 - 00016918 _____ C:\Users\nerges\Documents\Unbenannt 12.odt
2013-06-27 13:02 - 2013-06-27 13:01 - 00001143 _____ C:\Users\nerges\Desktop\Neues Textdokument (3).txt
2013-06-27 01:05 - 2010-07-15 19:24 - 00000000 ____D C:\Users\nerges\Desktop\alle Bilder
2013-06-26 14:57 - 2013-06-26 14:57 - 00000000 __SHD C:\found.001
2013-06-26 14:49 - 2012-07-08 01:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 14:44 - 2013-06-26 14:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 14:16 - 2013-05-10 22:54 - 00014824 _____ C:\Users\nerges\Documents\Unbenannt 1.odt
2013-06-25 15:56 - 2013-06-25 15:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-25 15:56 - 2013-06-25 15:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-25 15:56 - 2013-06-25 15:56 - 00000000 ____D C:\ProgramData\Ask
2013-06-25 15:56 - 2013-06-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 15:56 - 2012-07-08 02:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-25 15:56 - 2012-07-08 02:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-25 15:56 - 2012-07-08 02:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-25 15:56 - 2010-07-16 17:58 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-25 15:56 - 2010-07-16 17:58 - 00000000 ____D C:\Program Files\Java
2013-06-25 15:54 - 2013-06-25 15:54 - 00903080 _____ (Oracle Corporation) C:\Users\nerges\Downloads\jxpiinstall.exe
2013-06-21 19:33 - 2012-07-08 03:11 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-06-21 19:32 - 2013-06-21 19:32 - 00626688 _____ C:\Users\nerges\Downloads\Detection(1).msi
2013-06-21 13:24 - 2013-06-21 13:23 - 00000007 _____ C:\Users\nerges\Desktop\Neues Textdokument (2).txt
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-18 20:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-07-2013 02 Ran by nerges at 2013-07-18 22:13:03 Running from C:\Users\nerges\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) µTorrent (Version: 2.0.3) Adobe AIR (Version: 2.6.0.19120) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) ALPS Touch Pad Driver (Version: Version 7.0.1101.18) Apple Application Support (Version: 2.1.9) Apple Mobile Device Support (Version: 5.2.0.6) Apple Software Update (Version: 2.1.3.127) Ask Toolbar Updater (HKCU Version: 1.2.0.20007) AVG 2012 (Version: 12.0.3204) AVG 2012 (Version: 12.1.2242) AVG 2012 (Version: 2012.1.2242) AVG PC Tuneup (Version: 10.0.0.27) Avidemux 2.6 (32-bit) (Version: 2.6.1.8321) Bejeweled 2 Deluxe Bonjour (Version: 3.0.0.10) Bookworm Deluxe CCleaner (Version: 3.20) cFosSpeed v9.04 (Version: 9.04) Chuzzle Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Diner Dash DivX Subtitle Displayer 5.00 DivX-Setup (Version: 2.6.1.24) DriverTuner 3.1.0.0 (Version: 3.1.0.0) DVDVideoSoftTB Toolbar (Version: ) eMachines Recovery Management (Version: 3.1.3003) eMachines ScreenSaver (Version: 1.02.0902) ESET Online Scanner v3 EZTitles Demo 4.1.21 Facebook Video Calling 1.2.0.287 (Version: 1.2.287) FormatFactory 3.0.1 (Version: 3.0.1) Free Audio CD Burner version 1.4 Free Studio version 5.1.4 Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128) FRITZ!Box starter (Version: 2.04.02) Futuremark SystemInfo (Version: 4.11.0) GameRanger Garena 2010 (Version: 2010) GearDrvs (Version: 1.00.0000) Google Chrome (Version: 28.0.1500.72) Google Desktop (Version: 5.9.1005.12335) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 
1.3.21.153) Intel(R) Graphics Media Accelerator Driver Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 20 (Version: 6.0.200) JavaFX 2.1.1 (Version: 2.1.1) Launch Manager League of Legends (Version: 1.3) LG Internet Kit (Version: 3.2.0.1) LG United Mobile Driver (Version: 3.8.1) LightScribe 1.4.142.1 (Version: 1.4.142.1) MagicDisc 2.7.106 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 
8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Works (Version: 9.7.0621) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NTI Backup Now 5 (Version: 5.1.2.503) NTI Backup Now Standard (Version: 5.1.2.503) OpenOffice.org 3.4.1 (Version: 3.41.9593) Pando Media Booster (Version: 2.6.0.8) PaperPort Image Printer (Version: 1.00.0000) PFPortChecker 1.0.39 (Version: 1.0.39) Pixum Fotobuch PlanetSide 2 (HKCU Version: 1.0.3.183) Pokemon World Online version 1.83 (Version: 1.83) Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5648) ScanSoft PaperPort 11 (Version: 11.2.0000) SearchElf 1.2 Toolbar (Version: 6.2.7.3) Skype Toolbars (Version: 5.3.7555) Skype™ 5.10 (Version: 5.10.116) Steam (Version: 1.0.0.0) Stronghold Kingdoms (Version: 1.17) SUPERAntiSpyware (Version: 5.0.1150) swMSM (Version: 12.0.0.1) System Requirements Lab CYRI (Version: 4.5.1.0) System Requirements Lab Detection (Version: 1.0.5.0) TuneUp Utilities 2012 (Version: 12.0.3600.73) TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73) Uninstall 1.0.0.1 Unity Web Player (HKCU Version: ) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 
3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VLC media player 2.0.5 (Version: 2.0.5) Voipwise (Version: 4.05 build 579) Windows 7 Upgrade Advisor (Version: 2.0.5000.0) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) WinRAR XfireXO Toolbar (Version: 5.7.2.2) Yahoo! Toolbar Zuma Deluxe
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {00F51975-D541-429A-87B4-8E2CCF96F298} - System32\Tasks\54978680 => C:\Users\nerges\AppData\Local\Temp\\setup4030503808.exe No File
Task: {02C7D661-9147-42D7-9D60-84410B9DC02E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {0CEC4B8C-0912-4FA3-BCD0-53A5362C2A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: {0D606FCA-F794-4220-9F8D-5EE0F07BF21C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000UA => C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-12] (Facebook Inc.)
Task: {1080E22D-EB2E-4451-B484-05DD29895D71} - System32\Tasks\73bf0980 => C:\Users\nerges\AppData\Local\Temp\\setup1397179648.exe No File
Task: {1B14AB53-385C-4E0F-B631-31AFC5BD8D0F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2071D267-00D2-4E6A-BC99-D940D33950CC} - System32\Tasks\90675c00 => C:\Users\nerges\AppData\Local\Temp\\setup843492864.exe No File
Task: {23687C03-48B1-425B-9FA8-D7614E870A05} - System32\Tasks\add4cb80 => C:\Users\nerges\AppData\Local\Temp\\setup1777444096.exe No File
Task: {2A16BF15-3C2F-4F8D-B37E-7D44F4512889} - System32\Tasks\ff1c5400 => C:\Users\nerges\AppData\Local\Temp\\setup3693486592.exe No File
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3A35992C-6686-43AA-8938-433F41E255A1} - System32\Tasks\3f7f2e00 => C:\Users\nerges\AppData\Local\Temp\\setup1448186752.exe No File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C1175EB-E28A-4C9F-8B03-187525646E4A} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {3E885CFA-168E-4700-A8D2-61C4E27502E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5122395F-FB54-4FBF-9255-AA91C401C75A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64661908-C69D-4171-A714-198F1209D059} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {6B1663F6-6C07-49E5-9D92-100561440DD9} - System32\Tasks\192f0800 => C:\Users\nerges\AppData\Local\Temp\\setup3905319936.exe No File
Task: {6F27BBB6-058B-4798-BFF9-A037471318AA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File
Task: {7EC13C3F-659B-4153-A5CE-357BBABAF4B3} - System32\Tasks\a3076280 => C:\Users\nerges\AppData\Local\Temp\\setup3537192064.exe No File
Task: {860AE811-30AA-4CD3-923D-485B1586F01F} - System32\Tasks\Microsoft\Windows\RestartManager\{E7DF2160-AC2E-414d-AC11-B18ED53A4F04} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {892F2FD9-5969-47FB-9F00-0F51B2A7511A} - System32\Tasks\{7F8EBE36-48CF-4FAA-B65D-355178BB1CCF} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {8FB89E18-6AF9-495F-8E8D-EA16EDAE4148} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {9024D6E2-88F7-4BB8-939C-5A5CE806E4EE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.1.0.28\SymErr.exe No File
Task: {9B774E41-B80B-4021-B1FE-EC5115E03F65} - System32\Tasks\bc58fe00 => C:\Users\nerges\AppData\Local\Temp\\setup1806348800.exe No File
Task: {A2496989-9266-4F1E-B97A-BA576DE1D400} - System32\Tasks\215bb380 => C:\Users\nerges\AppData\Local\Temp\\setup4012785152.exe No File
Task: {A5790662-328C-482F-B72C-39695992C30E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {BC97BEBE-5D3F-4275-A734-4F4D92D24FED} - System32\Tasks\3d0b7c00 => C:\Users\nerges\AppData\Local\Temp\\setup527842816.exe No File
Task: {D289B339-AD41-4D87-B68A-40D2BE737615} - System32\Tasks\b436c400 => C:\Users\nerges\AppData\Local\Temp\\setup2436928000.exe No File
Task: {D372811D-F2E9-4114-AE0B-05D04F81FC01} - System32\Tasks\48b3c000 => C:\Users\nerges\AppData\Local\Temp\\setup723419648.exe No File
Task: {D3E42826-0566-470B-A59F-B4A9752E849B} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {D47B6A58-1F7D-4791-A475-7891D6910F0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000Core => C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-12] (Facebook Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F4F312F9-43A0-4B47-A64D-F0DC6AED19FA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe No File Task: {FE927ABA-82D9-4EAB-B7AF-09FFAE071A1E} - System32\Tasks\97190d00 => C:\Users\nerges\AppData\Local\Temp\\setup1693161344.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000Core.job => C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000UA.job => C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2013 08:26:58 PM) (Source: Perflib) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (07/18/2013 07:57:06 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 07:56:27 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: 
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (07/18/2013 00:45:45 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (07/18/2013 00:41:41 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 00:18:28 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (07/18/2013 00:17:43 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 10:47:18 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (07/17/2013 10:31:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 02:40:07 AM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\NERGES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P92AVSE4.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-18 22:12:49.270 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:49.099 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:48.940 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:48.775 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:48.613 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-18 22:12:48.455 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:48.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:48.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:45.844 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 22:12:45.685 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3001.08 MB Available physical RAM: 1673.58 MB Total Pagefile: 6234.47 MB Available Pagefile: 4694.74 MB Total Virtual: 2047.88 MB Available Virtual: 1899.89 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:143.19 GB) (Free:72.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:143.18 GB) (Free:142.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 73DF72F7) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.07.2013, 09:28 | #4 | |
/// the machine /// TB-Ausbilder | Internet problems
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
19.07.2013, 14:28 | #5 |
| Internet problems Code:
ATTFilter ComboFix 13-07-18.04 - nerges 19.07.2013 14:52:11.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3001.2004 [GMT 2:00] ausgeführt von:: c:\users\nerges\Downloads\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPly.xpi c:\users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} c:\users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}\chrome.manifest c:\users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}\chrome\content\_cfg.js c:\users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}\chrome\content\overlay.xul c:\users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}\install.rdf c:\users\nerges\AppData\Roaming\Adobe\plugs c:\users\nerges\AppData\Roaming\Adobe\shed c:\users\nerges\AppData\Roaming\Bilder c:\users\nerges\AppData\Roaming\chrtmp c:\users\nerges\AppData\Roaming\Sysutils_Update c:\windows\system32\130e04e6.dll c:\windows\system32\17db1396.dll c:\windows\system32\1a65f916.dll c:\windows\system32\24745a39.dll c:\windows\wininit.ini D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-19 bis 2013-07-19 )))))))))))))))))))))))))))))) . . 2013-07-18 20:12 . 2013-07-18 20:12 -------- d-----w- C:\FRST 2013-07-17 22:57 . 2013-07-17 22:57 -------- d-----w- c:\program files\ESET 2013-07-15 01:18 . 2013-07-15 01:18 -------- d-----w- c:\program files\cFosSpeed 2013-07-15 01:18 . 
2013-04-19 14:45 1242464 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys 2013-07-15 01:17 . 2013-07-15 01:17 -------- d-----w- c:\users\nerges\AppData\Local\cFos 2013-07-15 01:17 . 2013-07-15 01:17 -------- d-----w- c:\programdata\cFos 2013-07-15 01:17 . 2013-07-17 00:14 -------- d-----w- c:\windows\system32\logs 2013-07-13 23:10 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-04 18:50 . 2013-07-04 18:51 -------- d-----w- c:\users\nerges\AppData\Roaming\FRITZ! 2013-07-04 18:50 . 2013-07-04 18:50 -------- d-----w- c:\users\nerges\AppData\Local\FRITZ! 2013-07-04 18:40 . 2013-07-04 18:40 -------- d-----w- c:\program files\1&1 2013-07-04 18:40 . 2013-07-04 18:40 -------- d-----w- c:\program files\Common Files\AVM 2013-07-04 18:40 . 2013-07-04 18:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-06-26 12:57 . 2013-06-26 12:57 -------- d-----w- C:\found.001 2013-06-25 13:56 . 2013-06-25 13:56 -------- d-----w- c:\programdata\Ask 2013-06-25 13:56 . 2013-06-25 13:56 -------- d-----w- c:\program files\Common Files\Java 2013-06-25 13:56 . 2013-06-25 13:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-25 13:56 . 2012-07-08 00:33 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-25 13:56 . 2010-07-16 15:58 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-11 18:52 . 2013-04-03 20:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-11 18:52 . 2013-04-03 20:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}] 2011-11-22 08:59 269824 ----a-w- c:\users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-12 138096] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-08 328056] "Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-04 68856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2013-04-19 1339232] . c:\users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Users^nerges^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-07-21 10:18 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] 2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2013-01-12 18:01 138096 ----atw- c:\users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-07-08 16:20 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2008-07-09 22:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2012-10-22 13:38 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2008-07-09 22:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2013-05-03 23:35 1635752 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-10-25 12:08 4762496 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-04 06:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-10-08 18:35 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise] 2012-05-01 20:12 17792376 ----a-w- c:\program files\Voipwise.com\Voipwise\voipwise.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2008-05-09 17:18 49152 ----a-w- c:\program files\EMACHINES\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-25 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-13 00:49 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 18:52] . 2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000Core.job - c:\users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03 18:01] . 2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-77098139-3302094378-3183389413-1000UA.job - c:\users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03 18:01] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 15:42] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 15:42] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://de.ask.com/?l=dis&o=15183 mStart Page = hxxp://de.yahoo.com uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll LSP: c:\program files\1&1\\sarah.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2010-07-11 11:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2013-03-10 19:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-07-19 15:08 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\AVG\AVG2012\avgfws.exe c:\program files\AVG\AVG2012\avgwdsvc.exe c:\program files\cFosSpeed\spd.exe c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\AVG\AVG2012\avgcfgex.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-19 15:14:57 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-19 13:14 . Vor Suchlauf: 11 Verzeichnis(se), 71.326.699.520 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 71.281.635.328 Bytes frei . - - End Of File - - A545A1093C87A8A3E8A710A56CB14008 EF932EAA6EF4C94E66A7F6CEEC7EB422 |
19.07.2013, 15:28 | #6 |
/// the machine /// TB-Ausbilder | Internet problems
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Internet problems |
19.07.2013, 17:29 | #7 |
| Internet problems Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows Vista (TM) Home Premium x86
Ran by nerges on 19.07.2013 at 18:17:56,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\minidumps [1825 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\nerges\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at 18:20:09,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v2.305 - Datei am 19/07/2013 um 18:09:19 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # Benutzer : nerges - NERGES-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\nerges\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : StumbleUponUpdater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\searchplugins\plasmoo.xml Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB Ordner Gelöscht : C:\Program Files\SearchElf_1.2 Ordner Gelöscht : C:\Program Files\xfirexo Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\nerges\AppData\Local\APN Ordner Gelöscht : C:\Users\nerges\AppData\Local\Conduit Ordner Gelöscht : C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0 Ordner Gelöscht : C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Ordner Gelöscht : C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Ordner Gelöscht : C:\Users\nerges\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\nerges\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\nerges\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\nerges\AppData\LocalLow\PriceGong Ordner Gelöscht : 
*************************
AdwCleaner[S1].txt - [14324 octets] - [19/07/2013 18:09:19]
########## EOF - C:\AdwCleaner[S1].txt - [14385 octets] ##########

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013
Ran by nerges (administrator) on 19-07-2013 18:28:30
Running from C:\Users\nerges\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
C:\Users\nerges\Downloads\ComboFix.exe 2013-07-19 14:43 - 2010-07-08 17:41 - 00000000 ____D C:\Users\nerges\Tracing 2013-07-19 00:53 - 2013-07-19 00:51 - 00000000 ____D C:\Users\nerges\Downloads\Kings Bounty The Legend [GOG] 2013-07-19 00:51 - 2013-07-19 00:45 - 3299626628 _____ C:\Users\nerges\Downloads\King's Bounty - The Legend.dmg 2013-07-19 00:38 - 2013-07-19 00:38 - 00674016 _____ C:\Users\nerges\Downloads\Brothersoft_downloader_For_King_s_Bounty_The_Legend.exe 2013-07-18 22:13 - 2013-07-18 22:13 - 00038597 _____ C:\Users\nerges\Downloads\FRST.txt 2013-07-18 22:13 - 2013-07-18 22:13 - 00021071 _____ C:\Users\nerges\Downloads\Addition.txt 2013-07-18 22:12 - 2013-07-18 22:12 - 00000000 ____D C:\FRST 2013-07-18 20:36 - 2013-07-18 20:36 - 00010743 _____ C:\Users\nerges\Desktop\gmer.txt 2013-07-18 20:19 - 2013-07-18 20:19 - 00377856 _____ C:\Users\nerges\Downloads\gmer_2.1.19163.exe 2013-07-18 01:29 - 2013-07-18 01:29 - 00047480 _____ C:\Users\nerges\Downloads\Extras.Txt 2013-07-18 01:26 - 2013-07-18 01:26 - 00098198 _____ C:\Users\nerges\Downloads\OTL.Txt 2013-07-18 01:18 - 2013-07-18 01:18 - 00000693 _____ C:\Users\nerges\Documents\gtzhuj.txt 2013-07-18 01:12 - 2013-07-18 01:12 - 00000474 _____ C:\Users\nerges\Downloads\defogger_disable.log 2013-07-18 01:12 - 2013-07-18 01:12 - 00000000 _____ C:\Users\nerges\defogger_reenable 2013-07-18 01:12 - 2010-07-08 17:18 - 00000000 ____D C:\Users\nerges 2013-07-18 01:10 - 2013-07-18 01:10 - 00602112 _____ (OldTimer Tools) C:\Users\nerges\Downloads\OTL.exe 2013-07-18 01:10 - 2013-07-18 01:10 - 00050477 _____ C:\Users\nerges\Desktop\Defogger.exe 2013-07-18 01:05 - 2013-07-15 02:43 - 00010546 _____ C:\Users\nerges\Downloads\hijackthis.log 2013-07-18 00:57 - 2013-07-18 00:57 - 00000000 ____D C:\Program Files\ESET 2013-07-18 00:56 - 2013-07-18 00:56 - 02347384 _____ (ESET) C:\Users\nerges\Downloads\esetsmartinstaller_deu.exe 2013-07-17 22:24 - 2012-10-22 15:38 - 00000000 ____D C:\Users\nerges\AppData\Local\PMB Files 2013-07-17 
22:24 - 2012-10-22 15:38 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-17 21:29 - 2010-07-08 17:50 - 00000000 ____D C:\Users\nerges\AppData\Roaming\Skype 2013-07-17 01:44 - 2010-10-02 17:10 - 00000000 ____D C:\Users\nerges\AppData\Roaming\DVDVideoSoft 2013-07-17 01:44 - 2010-07-09 23:08 - 00000000 ____D C:\Users\nerges\Documents\DVDVideoSoft 2013-07-16 00:24 - 2013-07-16 00:24 - 00355150 _____ C:\Users\nerges\Downloads\hrping-v504.zip 2013-07-15 03:18 - 2013-07-15 03:18 - 00001224 _____ C:\Users\nerges\Desktop\cFosSpeed Features.lnk 2013-07-15 03:18 - 2013-07-15 03:18 - 00001140 _____ C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk 2013-07-15 03:18 - 2013-07-15 03:18 - 00000000 ____D C:\Program Files\cFosSpeed 2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\Users\nerges\AppData\Local\cFos 2013-07-15 03:17 - 2013-07-15 03:17 - 00000000 ____D C:\ProgramData\cFos 2013-07-15 03:08 - 2006-11-02 14:47 - 00323960 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-15 02:52 - 2013-07-15 02:50 - 00000000 ____D C:\Users\nerges\Downloads\backups 2013-07-15 02:44 - 2010-07-08 17:19 - 00077936 _____ C:\Users\nerges\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-15 02:42 - 2013-07-15 02:42 - 04820216 _____ C:\Users\nerges\Downloads\cfosspeed-v904.exe 2013-07-15 02:42 - 2013-07-15 02:42 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\nerges\Downloads\HiJackThis204.exe 2013-07-14 21:08 - 2010-09-16 15:41 - 00000216 _____ C:\Users\nerges\Documents\PWOOptions.ini 2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setuperr.log 2013-07-14 15:52 - 2013-07-14 15:52 - 00000000 _____ C:\Windows\setupact.log 2013-07-14 15:02 - 2013-07-14 15:02 - 00008422 _____ C:\Users\nerges\Documents\cc_20130714_150229.reg 2013-07-14 02:53 - 2013-04-04 01:51 - 00000000 ____D C:\Program Files\Firefly Studios 2013-07-14 02:53 - 2010-10-08 21:52 - 00000000 ____D C:\Program Files\Warcraft III 2013-07-14 02:53 - 2009-02-19 20:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-14 01:10 - 2013-07-14 01:10 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 01:10 - 2013-07-14 01:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\nerges\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-07-14 01:10 - 2011-03-23 15:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-14 01:10 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-13 15:09 - 2010-07-20 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 15:09 - 2010-07-08 17:43 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-13 15:09 - 2010-07-08 17:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-12 03:01 - 2009-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 17:41 - 2012-12-31 17:53 - 00002245 _____ C:\Users\nerges\Desktop\Neues Textdokument.txt 2013-07-06 23:37 - 2010-07-23 20:49 - 00000000 ____D C:\Windows\Minidump 2013-07-04 20:51 - 2013-07-04 20:50 - 00000000 ____D C:\Users\nerges\AppData\Roaming\FRITZ! 2013-07-04 20:50 - 2013-07-04 20:50 - 00000000 ____D C:\Users\nerges\AppData\Local\FRITZ! 
2013-07-04 20:40 - 2013-07-04 20:40 - 00001812 _____ C:\Users\Public\Desktop\FRITZ!Box starter.lnk 2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\Common Files\AVM 2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files\1&1 2013-07-04 20:39 - 2013-07-04 20:38 - 15362864 _____ C:\Users\nerges\Downloads\FRITZBox_starter.exe 2013-06-27 19:45 - 2013-06-27 19:45 - 00016918 _____ C:\Users\nerges\Documents\Unbenannt 12.odt 2013-06-27 13:02 - 2013-06-27 13:01 - 00001143 _____ C:\Users\nerges\Desktop\Neues Textdokument (3).txt 2013-06-27 01:05 - 2010-07-15 19:24 - 00000000 ____D C:\Users\nerges\Desktop\alle Bilder 2013-06-26 14:57 - 2013-06-26 14:57 - 00000000 ____D C:\found.001 2013-06-26 14:49 - 2012-07-08 01:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-06-26 14:44 - 2013-06-26 14:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-26 14:16 - 2013-05-10 22:54 - 00014824 _____ C:\Users\nerges\Documents\Unbenannt 1.odt 2013-06-25 15:56 - 2013-06-25 15:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-25 15:56 - 2013-06-25 15:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-25 15:56 - 2013-06-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-25 15:56 - 2012-07-08 02:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-25 15:56 - 2012-07-08 02:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-25 15:56 - 2012-07-08 02:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-25 15:56 - 2010-07-16 17:58 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-06-25 15:56 - 2010-07-16 17:58 - 00000000 ____D C:\Program Files\Java 2013-06-25 15:54 - 2013-06-25 15:54 - 00903080 _____ (Oracle Corporation) 
C:\Users\nerges\Downloads\jxpiinstall.exe
2013-06-21 19:33 - 2012-07-08 03:11 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-06-21 19:32 - 2013-06-21 19:32 - 00626688 _____ C:\Users\nerges\Downloads\Detection(1).msi
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-19 18:18
==================== End Of Log ============================
So, here are all the log files |
19.07.2013, 20:08 | #8 |
/// the machine /// TB trainer | Internet problems One more online scan and we should be done. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
20.07.2013, 03:21 | #9 |
| Internet problems Code:
Results of screen317's Security Check version 0.99.70
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities 2012
AVG PC Tuneup
TuneUp Utilities Language Pack (de-DE)
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 20
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=964f486f06ead84b992d263133ce39b9
# engine=14439
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-17 10:59:31
# local_time=2013-07-18 12:59:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 95 31983816 211634699 0 0
# scanned=11
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=964f486f06ead84b992d263133ce39b9
# engine=14463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-20 01:16:34
# local_time=2013-07-20 03:16:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 95 32164839 211815722 0 0
# scanned=168036
# found=0
# cleaned=0
# scan_time=5142
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 Ran by nerges (administrator) on 20-07-2013 03:58:50 Running from C:\Users\nerges\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2012\avgtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (OldTimer Tools) c:\Users\nerges\Downloads\OTL.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2008-08-29] () HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2008-08-29] () IMEO\cfosspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IMEO\setup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" Startup: C:\Users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog5 09 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 35 C:\Program Files\1&1\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\nerges\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\ich@maltegoetz.de FF Extension: StumbleUpon - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\toolbar@stumbleupon.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: Yahoo! 
Toolbar - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\nerges\AppData\Roaming\Mozilla\Firefox\Profiles\p92avse4.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [{D7EBE077-16BF-49CE-95D5-4C0684E8807A}] C:\Users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program 
Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File CHR Plugin: (registryAccess) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\background/registryAccess.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Unity Player) - C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (DVDVideoSoft Browser Extension) - 
C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-25] (SUPERAntiSpyware.com) R2 avgfws; C:\Program Files\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) S4 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [438112 2013-04-19] (cFos Software GmbH) R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [150464 2012-08-10] (Futuremark Corporation) S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google) S4 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [3563392 2010-07-01] (INCA Internet Co., Ltd.) 
Here are the logs. |
20.07.2013, 10:35 | #10 |
/// the machine /// TB Trainer | Internet Problems Update Adobe and Windows. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.07.2013, 12:16 | #11 |
| Internet Problems So, the internet problems I described before have not occurred again, thanks for that. I do have 2 more questions, though: It still lags sometimes in online games; is that simply due to my bad connection? How do I update Windows and Adobe? |
20.07.2013, 19:55 | #12 | |
/// the machine /// TB Trainer | Internet Problems Quote:
Uninstall Adobe and reinstall it. You will find Windows Update under Start > All Programs. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
20.07.2013, 21:51 | #13 |
| Internet Problems Sorry for the dumb question, but what exactly do you mean by Adobe? The Flash Player or the Reader? Btw, is there a way to get the ping lower / increase the internet speed? Edited by helplessnoob (20.07.2013 at 22:20) |
21.07.2013, 14:48 | #14 |
/// the machine /// TB Trainer | Internet Problems Adobe Reader. What exactly do you mean by internet speed?
__________________ Regards, schrauber |
21.07.2013, 15:14 | #15 |
| Internet Problems In my case, my ping sometimes fluctuates strongly. 60ms-90ms How do I manage to keep the ping constant, or even better, get it lower? |