Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite (https://www.trojaner-board.de/135094-e-ligatus-com-firefox-oeffnet-unaufgefordert-dubiose-internetseite.html)

N3mesis 17.05.2013 10:47
e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite
 
Hallo Trojaner-Community,

scheinbar hat es mich erwischt, ich habe seit gestern abend das Problem, dass mein Browser (FireFox) in regelmäßigen Abschnitten folgenden Link öffnet: hxxp://e. ligatus. com/LigatusFallback.gif?ids=34088 (Leerzeichen absichtlich eingebaut). Dabei handelt es sich um einen einzigen, weißen Pixel.

Ich habe bereits zwei weitere Threads mit selbigem Problem entdeckt:
http://www.trojaner-board.de/132879-...com-virus.html
http://www.trojaner-board.de/133944-...e-loesung.html

Interessant wäre anzumerken, dass ich das Problem heute morgen nicht mehr hatte. Stattdessen war mein WLAN-Adapter deaktiviert und ich musste ihn mit der Windows-Hilfe zurücksetzen. Meinen Router fand er erst, als ich mit meinem Laptop direkt vor ihm stand. Das hatte ich noch nie! Ob das in irgendeinem Zusammenhang steht, ich weiß es nicht. Habe dann ICQ absichtlich ausgelassen. Da ich mich damit aber nicht zufrieden gebe und mit ziemlicher Sicherheit gefährliche Programme ausschließen möchte, hab ich beschlossen, mich an euch zu wenden! Siehe: "Das Verschwinden der Symptome bedeutet nicht, dass der PC auch wirklich sauber ist." Meine Alternative wäre eine vollständig System-Neuaufsetzung.

Wie dem auch sein, hier meine Ergebnisse aus http://www.trojaner-board.de/69886-a...-beachten.html

Vielen Dank schon mal! Ich schätze eure Arbeit wirklich sehr und konnte mir hier schon vieles aneignen!


Schritt 1
Defogger hat keine Fehlermeldung ausgegeben, auch ein Neustart wurde nicht gefordert.

Schritt 2

OTL.txt
Code:
OTL logfile created on: 17.05.2013 10:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,28% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,46 Gb Free Space | 43,74% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013.05.03 19:29:48 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 18:22:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 18:21:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.14 14:23:47 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.01.11 15:11:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 15:10:21 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 15:10:18 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.11 15:09:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 15:09:48 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 15:09:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.07.10 20:51:08 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012.07.10 20:51:08 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012.07.10 20:51:08 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012.07.10 20:51:08 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012.07.10 20:51:07 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:07 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:07 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:07 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:07 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:07 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3693.42498__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2012.07.10 20:51:06 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012.07.10 20:51:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012.07.10 20:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.07.10 20:51:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.07.10 20:51:05 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.07.10 20:51:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012.07.10 20:51:05 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012.07.10 20:51:04 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012.07.10 20:51:04 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.07.10 20:51:04 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.07.10 20:51:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.07.10 20:51:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.07.10 20:51:03 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012.07.10 20:51:03 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.07.10 20:51:03 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.07.10 20:51:03 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.07.10 20:51:03 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.07.10 20:51:03 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012.07.10 20:51:03 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.07.10 20:51:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.07.10 20:51:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.07.10 20:51:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012.07.10 20:51:03 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012.07.10 20:51:03 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012.07.10 20:51:03 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012.07.10 20:51:02 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.07.10 20:51:02 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012.07.10 20:51:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2012.07.10 20:51:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.07.10 20:51:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.07.10 20:51:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.07.10 20:51:02 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012.07.10 20:51:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 16:11:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.04.12 17:22:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013.04.13 01:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.02.05 16:44:28 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.02.05 16:44:28 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.02.05 16:44:28 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.01 02:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130516.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 10:31:58 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.11 15:44:03 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symnets.sys -- (SymNetS)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2011.12.13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys -- (SymDS)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 16 C3 49 17 F0 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.14.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.backup.ftp: "200.89.155.203"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.89.155.203"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.89.155.203"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "200.89.155.203"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "200.89.155.203"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.89.155.203"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "200.89.155.203"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.11 15:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013.05.17 10:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.06 16:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.10 18:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2013.05.08 19:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions
[2013.04.02 21:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.05 21:53:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\ich@maltegoetz.de
[2013.05.08 19:07:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.17 19:24:16 | 000,002,471 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\searchplugins\safesearch.xml
[2013.05.06 16:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.17 10:09:10 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN
[2012.07.11 15:44:50 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0422543C-2CBB-408C-99AE-684A0D413F2D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E398825B-550D-4530-90B6-CA72F60E7489}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell - "" = AutoRun
O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell - "" = AutoRun
O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 10:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.05.14 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\01 play3-Show 06-2013
[2013.05.09 11:14:22 | 000,000,000 | RH-D | C] -- C:\Users\Philipp\AppData\Roaming\SecuROM
[2013.05.09 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Electronic Arts
[2013.05.06 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.06 18:28:55 | 000,447,752 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Origin
[2013.05.06 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Origin
[2013.05.06 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.06 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.05.04 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.05.04 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2013.04.18 16:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device
[2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.05.17 10:37:55 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013.05.17 10:35:47 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013.05.17 10:31:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 10:15:42 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 10:15:42 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 10:13:40 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 10:13:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 10:13:40 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 10:13:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 10:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 10:08:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 10:07:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 10:07:47 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 22:34:51 | 000,387,289 | ---- | M] () -- C:\Users\Philipp\Desktop\Unbenannt.png
[2013.05.16 12:28:25 | 013,949,173 | ---- | M] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3
[2013.05.15 18:20:43 | 000,436,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:34:32 | 136,507,586 | ---- | M] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3
[2013.05.15 16:33:21 | 234,977,676 | ---- | M] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3
[2013.05.14 10:37:14 | 015,049,642 | ---- | M] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf
[2013.05.10 16:48:35 | 000,001,136 | ---- | M] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk
[2013.05.06 18:27:38 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.05.06 18:25:24 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2013.05.06 16:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Philipp\Desktop\Origin.lnk
[2013.05.04 15:39:07 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat
[2013.04.30 23:14:13 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 10:37:55 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013.05.17 10:35:45 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013.05.16 22:34:51 | 000,387,289 | ---- | C] () -- C:\Users\Philipp\Desktop\Unbenannt.png
[2013.05.16 12:25:40 | 013,949,173 | ---- | C] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3
[2013.05.14 14:07:03 | 136,507,586 | ---- | C] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3
[2013.05.14 13:39:52 | 234,977,676 | ---- | C] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3
[2013.05.14 10:33:21 | 015,049,642 | ---- | C] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf
[2013.05.10 16:48:35 | 000,001,136 | ---- | C] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk
[2013.05.10 16:46:37 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.05.06 18:27:36 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.05.06 16:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Philipp\Desktop\Origin.lnk
[2013.05.04 15:39:07 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat
[2013.04.30 23:14:13 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.09.01 16:49:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 20:09:21 | 000,002,698 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel
[2012.07.12 18:59:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.12 18:59:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.07.11 14:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.19 09:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.04.19 08:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.04.19 08:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2012.04.19 08:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.07 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Amazon
[2012.09.02 16:59:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Audacity
[2013.04.18 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012.07.10 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.21 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HTC
[2013.05.16 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2012.07.12 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient
[2013.03.16 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mp3tag
[2012.08.08 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2013.05.09 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2012.09.23 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\pdfforge
[2012.08.18 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony
[2013.05.14 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Spotify
[2012.11.09 17:28:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2012.08.14 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2012.09.02 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
Extras
Code:
OTL Extras logfile created on: 17.05.2013 10:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,28% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,46 Gb Free Space | 43,74% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112D5523-102F-4858-91C0-147E5F9C1EA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{15C99FC5-541E-4075-943D-E0E414339735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EEC5D51-13A8-4AD3-81BC-7AF09C482F10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{271F4A1E-ED84-4757-AEF6-FB5F694EBD66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C26D654-74FB-43D9-B767-E189E88C92FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CA90D9B-FD9D-485B-9525-7E5F199A7D3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{447C2355-3C8C-4933-91CC-6BAD7CE5A3B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47ACFC59-8F32-4090-8947-CCEC38447FAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5582B9D2-40B8-466F-9863-68FB76E72540}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B061F37-8F21-4997-90DB-8B0783E13814}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A562732-51DB-4AC7-B768-78A861A08EFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{80F321B8-78C7-407D-B489-526B2E00A267}" = lport=138 | protocol=17 | dir=in | app=system |
"{845C350C-ADE9-43F0-A919-A5201930465B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8937517C-BE00-4994-92AB-36EF61897A17}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A3E6FB7-F7BC-4E95-B5D6-5CDC59B5B253}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D47EB70-CD16-49A4-AAC9-B8740189EF87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B81717A2-5279-4137-B4E9-F1A32FBCFD5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C00A7B61-BB39-4DBC-A652-1933243CAF4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{C145BF46-D6B0-4461-8CCC-E0FAE4CFAD2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3D5597A-1911-4B5F-AC64-9BCD9DACC994}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA0D5A43-CD0E-4B1C-A785-A55BC893ECCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F2D2CAC6-9FCF-413D-888F-EE8173EE4A24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6396439-3A88-4835-9B58-225BAE1BDC43}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539C5D9-C96D-4C32-87C2-B9C320132379}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{13B552B1-E0AE-40EB-8311-9BD0358EF008}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{156FAE62-E997-40EA-9B55-2E24F5D78952}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{1613CCFC-5F2D-4339-848D-4AC9F4A7C784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19090D4B-9FD2-48A4-99C6-4AA1AEFEC26D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A15AD5C-B39F-457B-83E8-C788E9395DA7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1C7DD64C-A1B1-4D75-9765-0003D225087E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F842C06-6F6E-463B-B4D4-1E150DB61373}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2363E4B4-E2FE-43F2-A02A-7BB4BA5FC74E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A328493-1236-4B76-B687-EAA54A13B9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FBDEE85-60B5-4E60-9D5C-075EE53CE837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3769AED6-E113-4771-ABF5-DD6EA729F04A}" = dir=in | name=youtubecdn |
"{3806AA95-DFED-4F8D-B058-906135059F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1761F5-120A-4637-89BB-81196F3B2889}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F1215EE-4405-45B8-8413-660F805E8BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50349AA2-9A6F-44B3-BBDC-C008DCDAEBCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{566DC68B-42EE-4FB3-B6C3-C7B566D34C97}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{5F9E6C56-BF2F-455B-86EE-3AAEEC2274E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1C27D1-AFB5-430E-9CFA-99DBD8915945}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F52C18B-C019-4C5E-BE33-F580C2359238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FA5CF64-4980-4BB8-A94F-9BECA0B6A3CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7CB08A22-B870-439E-A29E-13135A791118}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0115E0-0EBF-43F8-A1F3-A41A178C478E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FADBECD-10F9-40A8-A719-5AE11DB41A1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{865D08F9-6A9E-4C1B-8F8E-55F6C9372C41}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98F84E52-9BA4-4035-96B2-ABAC11836CA3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{9F752237-AB26-4B86-867A-324A6BD8C7FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5089C7D-EECB-4430-8174-ABAF4528551F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AAC3FADF-3836-4BD8-9022-F222D4968FFC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ACCADBDE-9C5C-4824-AA9E-B32AE21D2D11}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE095EF9-E86F-4D6F-BE08-57CDBDB2F916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B3D3540D-DAD9-4A1C-858F-1E3895AA2D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D130F4-7009-4B81-BEB8-66A2BDD4CFE0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0FD0A48-6BD2-4CFD-BE34-3D378A141C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD6E3048-9549-4616-BFFE-1FA2BBC26F99}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{CF288D36-F1D1-4877-A98C-4F3E5C394E49}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{D84213EA-A57A-4643-9977-114629AD3EA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C8CB81-F3ED-4AF9-B3FD-9A6768A5B44F}" = protocol=6 | dir=out | app=system |
"{E4E34717-59B7-4D25-BFF6-2ED3BE19EB4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EBF3A48A-108D-4780-9926-7730F9B18120}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{FCDC3C63-21FB-4585-8444-AD13CB267188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{44F9F3EC-294F-4556-8609-A967F094A53A}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C0409DBF-E64F-4486-93BF-2DD2B4AB9B2C}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{3F06408D-1DFB-4920-AEEF-C092722903F6}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{FF68D683-7299-42F2-8C81-E83AA58FC703}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CCleaner" = CCleaner
"Europe MapleStory_is1" = Europe MapleStory
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NIS" = Norton Internet Security
"Origin" = Origin
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2013 14:49:18 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 11.05.2013 09:40:41 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 11.05.2013 10:27:07 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 11.05.2013 15:50:42 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.05.2013 15:50:43 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2495283
 
Error - 11.05.2013 15:50:43 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2495283
 
Error - 12.05.2013 04:32:19 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 14.05.2013 03:46:10 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 15.05.2013 08:49:25 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 15.05.2013 09:24:10 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 16.05.2013 05:40:32 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 25.11.2012 10:43:10 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.11.2012 08:27:20 | Computer Name = Computer | Source = DCOM | ID = 10010
Description =
 
Error - 05.12.2012 08:57:27 | Computer Name = Computer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?12.?2012 um 13:56:01 unerwartet heruntergefahren.
 
Error - 05.12.2012 15:14:22 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.12.2012 15:14:22 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.12.2012 15:14:23 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.12.2012 15:14:23 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.12.2012 15:14:24 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.12.2012 14:02:26 | Computer Name = Computer | Source = i8042prt | ID = 327720
Description = Beim Ermitteln der Gerätekennung der Maus ist ein Fehler aufgetreten.
 
Error - 06.12.2012 14:04:41 | Computer Name = Computer | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >

Schritt 3

Gmer.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-17 11:39:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2200BH rev.0000000B 186,31GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pgddqpoc.sys


---- System - GMER 2.1 ----

SSDT    86400BC8                                  ZwAlertResumeThread
SSDT    86400CA8                                  ZwAlertThread
SSDT    864017F8                                  ZwAllocateVirtualMemory
SSDT    85C42178                                  ZwAlpcConnectPort
SSDT    86400370                                  ZwAssignProcessToJobObject
SSDT    86400918                                  ZwCreateMutant
SSDT    86400090                                  ZwCreateSymbolicLinkObject
SSDT    86401D00                                  ZwCreateThread
SSDT    86400180                                  ZwCreateThreadEx
SSDT    86400450                                  ZwDebugActiveProcess
SSDT    864019C8                                  ZwDuplicateObject
SSDT    864015B0                                  ZwFreeVirtualMemory
SSDT    86400A08                                  ZwImpersonateAnonymousToken
SSDT    86400AE8                                  ZwImpersonateThread
SSDT    85B31308                                  ZwLoadDriver
SSDT    864014B0                                  ZwMapViewOfSection
SSDT    86400838                                  ZwOpenEvent
SSDT    86401BA8                                  ZwOpenProcess
SSDT    864018E8                                  ZwOpenProcessToken
SSDT    86400678                                  ZwOpenSection
SSDT    86401AB8                                  ZwOpenThread
SSDT    86400280                                  ZwProtectVirtualMemory
SSDT    86400D88                                  ZwResumeThread
SSDT    86400008                                  ZwSetContextThread
SSDT    864012E0                                  ZwSetInformationProcess
SSDT    86400530                                  ZwSetSystemInformation
SSDT    86400758                                  ZwSuspendProcess
SSDT    86400E68                                  ZwSuspendThread
SSDT    85DF9220                                  ZwTerminateProcess
SSDT    86400F48                                  ZwTerminateThread
SSDT    864013D0                                  ZwUnmapViewOfSection
SSDT    864016A0                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 140D  82C399A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2    82C594F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!KeRemoveQueueEx + 13A3      82C60778 5 Bytes  [C8, 0B, 40, 86, A8]
.text  ntoskrnl.exe!KeRemoveQueueEx + 13A9      82C6077E 2 Bytes  [40, 86]
.text  ntoskrnl.exe!KeRemoveQueueEx + 13BB      82C60790 4 Bytes  [F8, 17, 40, 86]
.text  ntoskrnl.exe!KeRemoveQueueEx + 13C7      82C6079C 4 Bytes  [78, 21, C4, 85]
.text  ntoskrnl.exe!KeRemoveQueueEx + 141B      82C607F0 4 Bytes  [70, 03, 40, 86]
.text  ...                                     
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x9402A000, 0x267978, 0xE8000020]

---- Threads - GMER 2.1 ----

Thread  System [4:1144]                          A61E2F2E

---- EOF - GMER 2.1 ----
Vielen Dank! :applaus:

cosinus 17.05.2013 11:37
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

N3mesis 17.05.2013 11:59
Mein Antivirenprogramm (Norton) hat nicht Alarm geschlagen, was drüberlaufen lassen habe ich nicht. War gestern Abend schon spät und da hab ich nach mehrmaligem Aufpoppen des Links gegooglet, bin bei euch gelandet und hab lediglich die Schritte die oben aufgelistet sind, ausgeführt.
Ältere Logs habe ich keine.

Zu deiner Aufforderung "Posten in CODE-Tags": Hab ich da was falsch gemacht? Für mich sieht das korrekt aus ;)

cosinus 17.05.2013 12:14
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

N3mesis 17.05.2013 15:07
So, hier die Logfiles:

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Philipp on 17.05.2013 at 15:46:38,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Philipp\AppData\Roaming\pdfforge"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml"
Successfully deleted: [File] C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\searchplugins\safesearch.xml
Successfully deleted: [Folder] C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\staged
Emptied folder: C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\minidumps [545 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2013 at 15:49:19,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner
Code:
# AdwCleaner v2.301 - Datei am 17/05/2013 um 15:50:22 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Philipp - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Philipp\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\6j1vn3ai.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\6j1vn3ai.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Silvana\AppData\Roaming\Mozilla\Firefox\Profiles\y1ecqtvh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1172 octets] - [17/05/2013 15:50:22]

########## EOF - C:\AdwCleaner[S1].txt - [1232 octets] ##########

OTL.txt
Code:
OTL logfile created on: 17.05.2013 15:55:16 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,46% Memory free
3,50 Gb Paging File | 2,82 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,43 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130516.001\IDSvix86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 16 C3 49 17 F0 CD 01  [binary data]
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.14.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.backup.ftp: "200.89.155.203"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.89.155.203"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.89.155.203"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "200.89.155.203"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "200.89.155.203"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.89.155.203"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "200.89.155.203"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.11 15:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013.05.17 15:54:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.06 16:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.10 18:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2013.05.17 15:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions
[2013.04.02 21:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.05 21:53:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\ich@maltegoetz.de
[2013.05.08 19:07:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.06 16:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.17 15:54:18 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN
[2012.07.11 15:44:50 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001..\Run: [Spotify Web Helper] C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0422543C-2CBB-408C-99AE-684A0D413F2D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E398825B-550D-4530-90B6-CA72F60E7489}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell - "" = AutoRun
O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell - "" = AutoRun
O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 15:46:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.17 15:46:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.17 15:42:22 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Philipp\Desktop\JRT.exe
[2013.05.17 10:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.05.15 17:05:23 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 17:05:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 17:05:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 17:05:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 17:05:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 17:05:19 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 17:05:19 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 17:05:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 17:05:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 17:05:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 13:22:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 13:22:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 13:22:34 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 13:22:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 13:22:27 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.14 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\01 play3-Show 06-2013
[2013.05.09 11:14:22 | 000,000,000 | RH-D | C] -- C:\Users\Philipp\AppData\Roaming\SecuROM
[2013.05.09 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Electronic Arts
[2013.05.06 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.06 18:28:55 | 000,447,752 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2013.05.06 18:27:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Origin
[2013.05.06 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Origin
[2013.05.06 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.06 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.05.04 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2013.05.04 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2013.04.30 23:14:14 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 23:14:14 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 23:14:13 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 23:14:13 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 23:14:13 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 23:14:13 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 23:14:13 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 23:14:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 23:14:13 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 23:14:13 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 23:14:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 23:14:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 23:14:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 23:14:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 23:14:13 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 23:14:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 23:14:13 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 23:14:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 23:14:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 23:14:13 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 23:14:13 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 23:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 23:14:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 23:14:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 23:14:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 23:14:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.18 16:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device
[2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 15:52:36 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 15:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 15:51:58 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 15:43:36 | 000,632,031 | ---- | M] () -- C:\Users\Philipp\Desktop\adwcleaner.exe
[2013.05.17 15:42:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 15:42:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 15:42:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Philipp\Desktop\JRT.exe
[2013.05.17 13:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 12:31:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 10:59:09 | 000,377,856 | ---- | M] () -- C:\Users\Philipp\Desktop\gmer_2.1.19163.exe
[2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013.05.17 10:37:55 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013.05.17 10:35:47 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013.05.17 10:13:40 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 10:13:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 10:13:40 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 10:13:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 22:34:51 | 000,387,289 | ---- | M] () -- C:\Users\Philipp\Desktop\Unbenannt.png
[2013.05.16 12:28:25 | 013,949,173 | ---- | M] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3
[2013.05.15 18:20:43 | 000,436,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:34:32 | 136,507,586 | ---- | M] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3
[2013.05.15 16:33:21 | 234,977,676 | ---- | M] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3
[2013.05.15 16:11:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:11:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.14 10:37:14 | 015,049,642 | ---- | M] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf
[2013.05.10 16:48:35 | 000,001,136 | ---- | M] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk
[2013.05.06 18:27:38 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.05.06 18:25:24 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2013.05.06 16:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Philipp\Desktop\Origin.lnk
[2013.05.04 15:39:07 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat
[2013.04.30 23:14:14 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 23:14:14 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 23:14:13 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 23:14:13 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 23:14:13 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 23:14:13 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 23:14:13 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 23:14:13 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 23:14:13 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 23:14:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 23:14:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 23:14:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 23:14:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 23:14:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 23:14:13 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 23:14:13 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 23:14:13 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 23:14:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 23:14:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 23:14:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 23:14:13 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 23:14:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 23:14:13 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 23:14:13 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 23:14:13 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 23:14:13 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 23:14:13 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 15:43:33 | 000,632,031 | ---- | C] () -- C:\Users\Philipp\Desktop\adwcleaner.exe
[2013.05.17 10:59:04 | 000,377,856 | ---- | C] () -- C:\Users\Philipp\Desktop\gmer_2.1.19163.exe
[2013.05.17 10:37:55 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013.05.17 10:35:45 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013.05.16 22:34:51 | 000,387,289 | ---- | C] () -- C:\Users\Philipp\Desktop\Unbenannt.png
[2013.05.16 12:25:40 | 013,949,173 | ---- | C] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3
[2013.05.14 14:07:03 | 136,507,586 | ---- | C] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3
[2013.05.14 13:39:52 | 234,977,676 | ---- | C] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3
[2013.05.14 10:33:21 | 015,049,642 | ---- | C] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf
[2013.05.10 16:48:35 | 000,001,136 | ---- | C] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk
[2013.05.10 16:46:37 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.05.06 18:27:36 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2013.05.06 16:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Philipp\Desktop\Origin.lnk
[2013.05.04 15:39:07 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat
[2013.04.30 23:14:13 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.09.01 16:49:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 20:09:21 | 000,002,698 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel
[2012.07.12 18:59:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.12 18:59:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.07.11 14:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.19 09:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.04.19 08:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.04.19 08:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2012.04.19 08:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.txt
Code:
OTL Extras logfile created on: 17.05.2013 15:55:16 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,46% Memory free
3,50 Gb Paging File | 2,82 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,43 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112D5523-102F-4858-91C0-147E5F9C1EA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{15C99FC5-541E-4075-943D-E0E414339735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EEC5D51-13A8-4AD3-81BC-7AF09C482F10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{271F4A1E-ED84-4757-AEF6-FB5F694EBD66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C26D654-74FB-43D9-B767-E189E88C92FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CA90D9B-FD9D-485B-9525-7E5F199A7D3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{447C2355-3C8C-4933-91CC-6BAD7CE5A3B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47ACFC59-8F32-4090-8947-CCEC38447FAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5582B9D2-40B8-466F-9863-68FB76E72540}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B061F37-8F21-4997-90DB-8B0783E13814}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A562732-51DB-4AC7-B768-78A861A08EFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{80F321B8-78C7-407D-B489-526B2E00A267}" = lport=138 | protocol=17 | dir=in | app=system |
"{845C350C-ADE9-43F0-A919-A5201930465B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8937517C-BE00-4994-92AB-36EF61897A17}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A3E6FB7-F7BC-4E95-B5D6-5CDC59B5B253}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D47EB70-CD16-49A4-AAC9-B8740189EF87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B81717A2-5279-4137-B4E9-F1A32FBCFD5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C00A7B61-BB39-4DBC-A652-1933243CAF4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{C145BF46-D6B0-4461-8CCC-E0FAE4CFAD2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3D5597A-1911-4B5F-AC64-9BCD9DACC994}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA0D5A43-CD0E-4B1C-A785-A55BC893ECCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F2D2CAC6-9FCF-413D-888F-EE8173EE4A24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6396439-3A88-4835-9B58-225BAE1BDC43}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539C5D9-C96D-4C32-87C2-B9C320132379}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{13B552B1-E0AE-40EB-8311-9BD0358EF008}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{156FAE62-E997-40EA-9B55-2E24F5D78952}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{1613CCFC-5F2D-4339-848D-4AC9F4A7C784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19090D4B-9FD2-48A4-99C6-4AA1AEFEC26D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A15AD5C-B39F-457B-83E8-C788E9395DA7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1C7DD64C-A1B1-4D75-9765-0003D225087E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F842C06-6F6E-463B-B4D4-1E150DB61373}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2363E4B4-E2FE-43F2-A02A-7BB4BA5FC74E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A328493-1236-4B76-B687-EAA54A13B9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FBDEE85-60B5-4E60-9D5C-075EE53CE837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3769AED6-E113-4771-ABF5-DD6EA729F04A}" = dir=in | name=youtubecdn |
"{3806AA95-DFED-4F8D-B058-906135059F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1761F5-120A-4637-89BB-81196F3B2889}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F1215EE-4405-45B8-8413-660F805E8BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50349AA2-9A6F-44B3-BBDC-C008DCDAEBCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{566DC68B-42EE-4FB3-B6C3-C7B566D34C97}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{5F9E6C56-BF2F-455B-86EE-3AAEEC2274E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1C27D1-AFB5-430E-9CFA-99DBD8915945}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F52C18B-C019-4C5E-BE33-F580C2359238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FA5CF64-4980-4BB8-A94F-9BECA0B6A3CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7CB08A22-B870-439E-A29E-13135A791118}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0115E0-0EBF-43F8-A1F3-A41A178C478E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FADBECD-10F9-40A8-A719-5AE11DB41A1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{865D08F9-6A9E-4C1B-8F8E-55F6C9372C41}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98F84E52-9BA4-4035-96B2-ABAC11836CA3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{9F752237-AB26-4B86-867A-324A6BD8C7FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5089C7D-EECB-4430-8174-ABAF4528551F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AAC3FADF-3836-4BD8-9022-F222D4968FFC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ACCADBDE-9C5C-4824-AA9E-B32AE21D2D11}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE095EF9-E86F-4D6F-BE08-57CDBDB2F916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B3D3540D-DAD9-4A1C-858F-1E3895AA2D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D130F4-7009-4B81-BEB8-66A2BDD4CFE0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0FD0A48-6BD2-4CFD-BE34-3D378A141C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD6E3048-9549-4616-BFFE-1FA2BBC26F99}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{CF288D36-F1D1-4877-A98C-4F3E5C394E49}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{D84213EA-A57A-4643-9977-114629AD3EA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C8CB81-F3ED-4AF9-B3FD-9A6768A5B44F}" = protocol=6 | dir=out | app=system |
"{E4E34717-59B7-4D25-BFF6-2ED3BE19EB4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EBF3A48A-108D-4780-9926-7730F9B18120}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{FCDC3C63-21FB-4585-8444-AD13CB267188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{44F9F3EC-294F-4556-8609-A967F094A53A}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C0409DBF-E64F-4486-93BF-2DD2B4AB9B2C}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{3F06408D-1DFB-4920-AEEF-C092722903F6}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{FF68D683-7299-42F2-8C81-E83AA58FC703}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CCleaner" = CCleaner
"Europe MapleStory_is1" = Europe MapleStory
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NIS" = Norton Internet Security
"Origin" = Origin
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 17.05.2013 09:52:38 | Computer Name = Computer | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{0422543C-2CBB-408C-99AE-684A0D413F2D} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 17.05.2013 09:52:38 | Computer Name = Computer | Source = NetBT | ID = 4321
Description = Der Name "COMPUTER      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.3  registriert werden. Der Computer mit IP-Adresse 192.168.1.4
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >

cosinus 17.05.2013 15:55
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


N3mesis 17.05.2013 21:11
MalwareBytes-Logfile

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Philipp :: COMPUTER [Administrator]

17.05.2013 18:09:33
mbam-log-2013-05-17 (18-09-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379926
Laufzeit: 2 Stunde(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset-Logfile
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8442edead8e2554dabc4be6cfe16f978
# engine=13853
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-17 07:43:17
# local_time=2013-05-17 09:43:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 99 303054 131416382 0 0
# compatibility_mode=5893 16776574 100 94 26873822 120450988 0 0
# scanned=160171
# found=0
# cleaned=0
# scan_time=5159
Danke! :)

Edit: Eset hab ich im Anschluss wieder entfernt.

cosinus 17.05.2013 21:14
Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

N3mesis 18.05.2013 13:07
Die Probleme sind nicht mehr aufgetreten, auch unter ICQ nicht. Deinen Tipp zu den Cookies werde ich mir zu Herzen nehmen!
Ansonsten läuft das System rund.

Weißt du denn, ob es sich tatsächlich um einen Virus o.Ä. gehandelt hat, oder waren die Maßnahmen alle eher "ins Blaue", nach dem Motto: "Wenn es was Schädliches war, müsste es nach der Keule definitiv weg sein."?

Kann, bzw. soll ich die ganzen Programme (defogger, gmer, OTL, JRT, adwCleaner und MalwareBytes) einfach ganz normal deinstallieren, oder muss ich was beachten? Welche von denen machen für einen Laien auch ohne professionelle Anleitung noch Sinn (bspw. MalwareBytes)?

Nochmals allerbesten Dank! Ihr seid echt klasse! :applaus:

cosinus 19.05.2013 02:28
Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/



Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

N3mesis 19.05.2013 13:25
Vielen, vielen Dank! Ihr seid spitze! :) :) :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19