Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 4viren/trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.03.2013, 08:59   #1
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Hallo, ich habe 4 verschiedene Viren/ Trojaner die mir angezeigt werden
Exp/CVE-2013-0422.A.130
Exp/Java.A.391
Tr/Injector.aoq
Tr/Dldr.Dofoil.R.537

Die sind jetzt von Antivir in Quarantäne. Was
Sollte ich noch tun?
Kann mich auch nicht über den befallenen Computer bei euch einloggen.

Danke für eure Hilfe
Kerry

Alt 18.03.2013, 13:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Hallo und

Zitat:
Hallo, ich habe 4 verschiedene Viren/ Trojaner die mir angezeigt werden
Exp/CVE-2013-0422.A.130
Exp/Java.A.391
Tr/Injector.aoq
Tr/Dldr.Dofoil.R.537
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.03.2013, 14:06   #3
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Code:
ATTFilter
Exportierte Ereignisse:

16.03.2013 19:00 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Kerry\AppData\Local\Temp\jar_cache522134492741500997.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-0422.A.130' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59b012df.qua' 
      verschoben!

16.03.2013 19:00 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Kerry\AppData\Local\Temp\jar_cache2435552027051016967.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.A.391' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41273d78.qua' 
      verschoben!

09.03.2013 14:54 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Kerry\AppData\Local\Microsoft\Windows Live Mail\Gmx (sista. 
      165\Deleted Items\381B673B-000030EA.eml'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Injector.aoq' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b39f8c.qua' 
      verschoben!

09.03.2013 12:21 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Kerry\AppData\Local\Temp\6XFptEI.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Dofoil.R.537' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d4e8ab8.qua' 
      verschoben!

09.03.2013 12:20 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://21.cedrictherealtor.com/news/algorithms_creates-sides.php"
      wurde ein Virus oder unerwünschtes Programm 'JS/Blacole.KH.4' [virus] gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

09.03.2013 12:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Kerry\AppData\Local\Temp\6XFptEI.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Dofoil.R.537' [trojan] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

09.03.2013 12:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Kerry\AppData\Local\Temp\6XFptEI.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Dofoil.R.537' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

09.03.2013 11:27 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://fettabbau.allalla.com/wp-content/themes/healthyweight/script.js"
      wurde ein Virus oder unerwünschtes Programm 'HTML/TwitScroll.A' [virus] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

09.03.2013 11:27 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://fettabbau.allalla.com/wp-content/plugins/traffic-counter-widget/wp-wtc-a
      jax.js?ver=3.5.1"
      wurde ein Virus oder unerwünschtes Programm 'HTML/TwitScroll.A' [virus] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

09.03.2013 11:27 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://fettabbau.allalla.com/wp-includes/js/comment-reply.min.js?ver=3.5.1"
      wurde ein Virus oder unerwünschtes Programm 'HTML/TwitScroll.A' [virus] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

09.03.2013 11:27 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://fettabbau.allalla.com/wp-includes/js/jquery/jquery.js?ver=1.8.3"
      wurde ein Virus oder unerwünschtes Programm 'HTML/TwitScroll.A' [virus] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
         
So müsste es hoffentlich stimmen.
__________________

Alt 18.03.2013, 14:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.03.2013, 16:12   #5
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Vielen Lieben Dank für die Hilfe soweit:
Ich hoffe das ist es was du brauchst.
Ich hab wenig Ahnung, aber das Forum ist Super erklärt.
Code:
ATTFilter
OTL logfile created on: 18.03.2013 15:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kerry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 65,01% Memory free
7,93 Gb Paging File | 6,18 Gb Available in Paging File | 77,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 380,79 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
 
Computer Name: KERRY-VAIO | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kerry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusService.exe (Ipsos)
PRC - C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusNet.exe (Ipsos)
PRC - C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe (CallingID Ltd.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kerry\AppData\Local\Panel+\service\TrotiNet.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\44700e64c32d11d6b2147fd87dbfd761\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 83 D4 8D DA 63 CA 01  [binary data]
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes,DefaultScope = {3E9F0EAF-8E48-4C01-92B3-9D5F1A9F1A7D}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{3E3C112D-2545-4C96-8F7B-D28C86ACDB03}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{3E9F0EAF-8E48-4C01-92B3-9D5F1A9F1A7D}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE353
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{4C94BDDB-9BF4-48C6-86DF-1F0F45F63151}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{6553E8FD-8FA2-44C1-A8B3-717E57FFA0CD}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{75FFA669-6BDD-4368-BC19-F31A4B86242D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{DE344921-2CE6-4FEB-8D6C-DCC5FD85B971}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAGS&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_uid=d92fe314-9bbf-48fc-92a8-d585cafe31b4&apn_sauid=0CD86D4F-F2C2-46EA-B861-0DCFE76DFCEC
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{FA3614B8-1CDC-41C3-9F70-8282748AF3FB}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:44413
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MoneyMillionaire/npdf: C:\ProgramData\Rabatt-Finder\FFExtension20130221120752\plugins\npdf.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@IpsosPanelPlus@ipsosinteractive.com: C:\Users\Kerry\AppData\Local\Panel+\toolbar_ff\plugins\npIpsosCommPlugin.dll (IDM)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discountfinder@moneymillionaire.com: C:\ProgramData\Rabatt-Finder\FFExtension20130221120752 [2013.03.16 16:28:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.29 08:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 08:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.11 19:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\IpsosPanelPlus@ipsosinteractive.com: C:\Users\Kerry\AppData\Local\Panel+\toolbar_ff\ [2013.03.12 12:39:27 | 000,000,000 | ---D | M]
 
[2010.03.11 14:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\Extensions
[2013.03.16 17:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\Firefox\Profiles\ubm6n0lk.default\extensions
[2013.03.16 17:28:03 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Kerry\AppData\Roaming\mozilla\Firefox\Profiles\ubm6n0lk.default\extensions\toolbar@ask.com
[2013.03.16 17:31:54 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\extensions\toolbar@web.de.xpi
[2012.08.06 15:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.18 08:10:41 | 000,002,413 | ---- | M] () -- C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\searchplugins\askcom.xml
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.06.01 16:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 17:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-416463588-351850769-2308339816-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-416463588-351850769-2308339816-1000..\Run: [Panel+] C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusService.exe (Ipsos)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kerry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f813e4ca-e774-11df-a751-0024be7963a5}\Shell - "" = AutoRun
O33 - MountPoints2\{f813e4ca-e774-11df-a751-0024be7963a5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.03.17 15:08:45 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Dropbox
[2013.03.16 17:00:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.03.16 16:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\gubu
[2013.03.13 19:22:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 19:22:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 19:22:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 19:22:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 19:22:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 19:22:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 19:22:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 19:22:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 19:22:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 19:22:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 19:22:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 19:22:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 19:22:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 19:22:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 19:22:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 12:39:28 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Panel+
[2013.03.12 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panel+
[2013.03.12 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\Panel+
[2013.03.11 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.04 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Thunderbird
[2013.03.04 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\Thunderbird
[2013.03.02 12:58:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013.03.02 12:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 12:38:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.03.02 12:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 18:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Avira
[2013.02.28 18:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.28 18:35:12 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\DoNotTrackPlus
[2013.02.28 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\AskToolbar
[2013.02.28 18:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.02.28 18:33:56 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.28 18:33:56 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.28 18:33:56 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.28 18:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.27 13:54:19 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 13:54:19 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 13:54:19 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 13:54:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 13:54:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 13:54:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 13:54:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 13:54:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 13:54:05 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 13:54:05 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 13:54:05 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 13:54:05 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 13:54:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 13:54:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 13:54:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 13:54:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 13:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 13:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 13:54:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 13:54:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 13:54:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 13:54:04 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 13:54:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 13:54:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 13:54:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 13:54:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 13:54:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 13:54:03 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 13:54:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 13:54:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 13:54:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 13:54:03 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 13:54:03 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 15:53:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 15:53:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 15:43:41 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.18 15:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 15:43:22 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 14:16:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.18 14:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 15:10:53 | 000,000,999 | ---- | M] () -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.17 14:23:42 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.17 14:23:42 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.17 14:23:42 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.17 14:23:42 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.17 14:23:42 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.13 12:09:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 12:09:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.07 20:27:32 | 000,023,812 | ---- | M] () -- C:\Users\Kerry\AppData\Roaming\UserTile.png
[2013.03.07 18:49:01 | 000,118,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.04 18:51:33 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.03.02 12:38:48 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 18:35:14 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.28 18:25:48 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.28 18:25:48 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.28 18:25:47 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.17 15:09:19 | 000,000,999 | ---- | C] () -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.07 18:49:01 | 000,118,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.04 18:51:33 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.04 18:51:33 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.03.02 12:58:06 | 000,023,812 | ---- | C] () -- C:\Users\Kerry\AppData\Roaming\UserTile.png
[2013.03.02 12:38:48 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 18:35:14 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 16:14:51 | 000,160,256 | ---- | C] () -- C:\Users\Kerry\AppData\Roaming\ldr.mcb
[2011.12.23 17:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.23 16:59:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.12.23 16:59:47 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Chiller
[2011.12.23 16:59:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.23 16:59:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Channel
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Carbon
[2011.12.23 16:59:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.23 16:59:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.23 16:59:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.12.23 16:59:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.17 18:32:16 | 000,000,000 | -HSD | M] -- C:\Users\Kerry\AppData\Roaming\.#
[2012.10.10 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\1&1 Mail & Media GmbH
[2013.03.18 15:45:16 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\Dropbox
[2011.12.23 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\Nikon
[2013.03.12 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\Panel+
[2013.03.04 18:52:27 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\Thunderbird
[2009.11.15 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kerry\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 18.03.2013 15:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kerry\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 65,01% Memory free
7,93 Gb Paging File | 6,18 Gb Available in Paging File | 77,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 380,79 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
 
Computer Name: KERRY-VAIO | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DB0B490-59E1-4A8D-A80C-1BF0CD8070C8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{299FB7C3-81E8-45C1-B82E-5D3540DE3609}" = lport=138 | protocol=17 | dir=in | app=system | 
"{390B84D4-DD16-4CE6-ACD6-FBB4AE3839A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D733DFC-CC0D-4822-B9DD-C6B4DCE7D249}" = rport=138 | protocol=17 | dir=out | app=system | 
"{42A19CDC-11B4-4DE3-AF50-ADE152182A44}" = rport=137 | protocol=17 | dir=out | app=system | 
"{517A6CFF-0199-4D77-9138-58E12FEB3F49}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BA33608-C331-49DF-BD81-E3C000BDB1AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C9DD6F2-7B1D-474C-B764-3C8E1E25B5E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D2579D6-8274-4FFE-94CD-B9A7CFF305EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8565D8C3-A43C-4A95-8AF6-97615DD63E5B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8754FFF0-21AE-4DEC-B58A-4B254BE91907}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{87A6583A-93E8-4C61-8EC7-86CDD079EAE0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8A9EFD32-B1CC-446C-B827-6F5E89EA50DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3262A0D-7683-4E2B-875B-DEE40438B072}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7025CDC-58C2-41B6-861E-DD3A8C2DB259}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AC7254E2-5497-47FF-A570-B75DC3303D36}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AEA247E8-8ECB-48DB-9579-3282C805AA4B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B52F0135-A504-4D8A-A7EC-A269490566F0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BBB4F702-35F6-4D8C-A3F1-18AB8FEDA619}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BCAD2D7C-1D53-42F5-AC79-1577F4D66C27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C8ACE535-F211-4BA2-B0A0-3E9AA97CF4CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EA87DA2D-F417-439D-B0FF-FEB98D5D74A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3EF79D8-F25A-453D-B6D8-E37D11CF53DF}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0709ACE7-DC1E-4C90-A44D-27F671EA2BFC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{08BFE306-A853-4FC9-B177-600B6C523E73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09283CFF-4695-4F6D-9F91-D4309CD67149}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{165360EA-5179-43F8-A77E-F1D2F20AAA4C}" = protocol=17 | dir=in | app=c:\users\kerry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2979E06C-6966-4182-920B-9A91AAE1E385}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{338948FB-A406-41F6-90D2-F49594751830}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34C435B2-47C3-4523-A806-9677BCDB70DD}" = protocol=6 | dir=out | app=system | 
"{37A5E0CE-D712-453B-9511-E02A17F16063}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{452EE7E6-A135-4465-94CE-FD816FD45D8C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4FB6F50F-4203-4D1B-B21A-8D9BB94BC5E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{613EEC22-8DBD-43F1-B107-5B5657B71795}" = dir=in | app=c:\programdata\rabatt-finder\main.exe | 
"{6B244726-53B4-4F0F-8074-924B87612083}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{723000B0-19BA-4CE9-BB6A-5E07E0AE8AA3}" = protocol=17 | dir=in | app=c:\programdata\rabatt-finder\dfservice.exe | 
"{766F90BF-3277-439C-824F-51D6301F56BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{77390EE8-8A90-4E93-89D5-EFF44E3BFA1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8023842E-4CAA-4D4A-BF70-BF2F00C10540}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{856FA78E-58B9-4E49-96E9-87EFB3A6E165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F8514A6-4FD6-407E-BA93-74117CA98042}" = protocol=6 | dir=in | app=c:\programdata\rabatt-finder\dfservice.exe | 
"{AF7EEFD6-26ED-4F71-9695-403FFEC3B8FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B3FD5389-78FD-437D-B301-E7858374432E}" = dir=in | app=c:\programdata\rabatt-finder\dfservice.exe | 
"{B433E5CF-CF0E-4376-8872-F7B27FFB8FD8}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{B55D5C2A-0092-4F2D-B5C8-C2BE6E7E2ACF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B907BED6-FFEF-428B-94CF-880081B6F9D4}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{BE076250-61B1-46C4-AAEB-CB6C8D1F9F13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C61317BC-FEB9-42CE-967B-E00F2DF7E259}" = protocol=6 | dir=in | app=c:\users\kerry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C965FD3F-3462-4A49-A4F0-2CCC79502211}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D01924EB-C3AD-4B62-9B3A-268338FED1B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0280B14-CDE6-48B6-8BC8-8A491E57922D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D187AAA5-4501-4C9A-A360-68075125F497}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D19F5814-40B3-46F2-936B-0C67429A6936}" = protocol=6 | dir=in | app=c:\programdata\rabatt-finder\main.exe | 
"{D436709B-9ACD-4A10-A7CC-8372065CF7FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D6DF0B35-35C1-4DC7-8A95-AA1C52506732}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D74371A6-539F-4412-92C8-3DC4C3807514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB7CC699-5D51-47AE-940D-B9A43D7C4084}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DD75090E-1C6E-4A41-AD56-7E02820FEC05}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DED22738-3646-462C-8B3A-81E7E87AE317}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DF28C2CB-E77C-4C8E-A371-5DB2588128DE}" = protocol=17 | dir=in | app=c:\programdata\rabatt-finder\main.exe | 
"{E5E6BB22-0923-4372-B018-7FEFC02DE5B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8C6F6A3-7D6F-4CE9-A6E4-290E515C47D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA386F0C-E443-4629-91BA-3BE5C374FB37}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F686A633-62D7-4490-97C1-98940D53FAE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{03BBE368-99AF-480B-81DB-51AD4F813C19}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{2045E8CE-FA6E-43B4-AA9C-449979618714}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"TCP Query User{8E154CF3-D434-499F-B9D0-B8D2373982D2}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | 
"TCP Query User{C7F544BE-1117-40BC-8E60-48DCED14D153}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | 
"UDP Query User{16219713-A118-4ECA-8129-E5D13F879A41}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{2FD42146-D939-4F45-82AA-0166EFA310AD}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"UDP Query User{6A6ACB92-8F9B-45AE-8590-45E01523A247}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | 
"UDP Query User{8B639A31-2559-40D5-BB21-AFDFD9556E29}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{03BCB819-8680-45D9-A04E-B19A11F887DB}" = Panel+
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"splashtop" = VAIO Quick Web Access
"VAIO Help and Support" = 
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.03.2013 11:25:41 | Computer Name = Kerry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6459
 
Error - 16.03.2013 11:30:32 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 16.03.2013 12:53:32 | Computer Name = Kerry-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "DiscountfinderService" konnte nicht
 neu gestartet werden.
 
Error - 17.03.2013 06:27:43 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 17.03.2013 06:30:59 | Computer Name = Kerry-VAIO | Source = Application Error | ID = 1000
Error - 17.03.2013 07:42:47 | Computer Name = Kerry-VAIO | Source = Application 
Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470, Zeitstempel: 0x510c8801
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x023bddd8
ID des fehlerhaften Prozesses: 0x1948
Startzeit der fehlerhaften Anwendung: 0x01ce230487afab68
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c967acdf-8ef7-11e2-8bd4-0024be7963a5
Error - 17.03.2013 11:58:15 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error - 17.03.2013 11:59:53 | Computer Name = Kerry-VAIO | Source = Application 
Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.0.0.0, Zeitstempel: 0x513e78d1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x26e903ea
ID des fehlerhaften Prozesses: 0xacc
Startzeit der fehlerhaften Anwendung: 0x01ce2327e2fde95b
Pfad der fehlerhaften Anwendung: C:\Users\Kerry\AppData\Roaming\Dropbox\bin\Dropbox.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: b454b48f-8f1b-11e2-8ac2-0024be7963a5
Error - 18.03.2013 03:02:39 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000)
Error - 18.03.2013 03:02:40 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error - 18.03.2013 04:06:26 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error - 18.03.2013 07:13:17 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error - 18.03.2013 08:51:21 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error - 18.03.2013 10:46:15 | Computer Name = Kerry-VAIO | Source = VzCdbSvc | ID
 = 7
 
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
 
Error encountered while reading event logs.
 
< End of report >
         


Alt 18.03.2013, 16:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> 4viren/trojaner

Alt 18.03.2013, 17:35   #7
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Hallo, ich glaube mein Notebook hat sich beim letzten Schritt "dem cleanup" aufgegangen.
Das Programm sagt "creating System Restore Punkt" oder ist es normal das das schon eine halbe Stunde dauert? Nach Neustart wurde ich noch nicht gefragt.
Soll ich währenddessen Neustarten?

Geändert von Kerry (18.03.2013 um 17:49 Uhr)

Alt 18.03.2013, 22:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Hängt MBAR immer noch?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 07:01   #9
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Ja es hatte sich nach 1 1/2 Stunden nix verändert. Es gab einen Fund, aber bei der Bereiniegung hat es gehakt.
Hab den Computer dann versucht runter zu fahren, das hat aber mit späterer Fehlermeldung "bluescreen" nicht funktioniert. Fehlermeldung kam nachdem er sich selbst neu hochgefahren hatte.
Soll ich das Programm nochmal starten? Oder andere Schritte anwenden.
Lieben Gruß
Kerry

Alt 19.03.2013, 12:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Hat MBAR ein Log erzegt? Wenn ja bitte posten
Wenn nicht bitte nochmal durchlaufen lassen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 12:40   #11
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerry :: KERRY-VAIO [administrator]

18.03.2013 17:14:27
mbar-log-2013-03-18 (17-14-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31764
Time elapsed: 19 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Kerry\AppData\Roaming\ldr.mcb (Rootkit.0Access.ED) -> Delete on reboot.

(end)
         

Ja hat es!!! Puh.
Soll ich das Programm dann jetzt nach dem Fund nochmal laufen lassen ? Wurde ja empfohlen, nach einem Fund.

Alt 19.03.2013, 12:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Hm, so wirklich nach ZeroAccess sieht mir das Teil aber nicht aus.
Mach bitte einen neuen Durchgang mit MBAR
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 13:23   #13
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



Au wei ...
was sagst du dazu? A vira warnt mich schonwieder.
Aber das Neustarten hat diesmal von selbst geklappt.
hier bitte:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerry :: KERRY-VAIO [administrator]

19.03.2013 13:12:12
mbar-log-2013-03-19 (13-12-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31744
Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Kerry\AppData\Roaming\ldr.mcb (Rootkit.0Access.ED) -> Delete on reboot.

(end)
         

Avira sagt das ich einen Scan machen soll. Soll ich?

Alt 19.03.2013, 13:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner



Nein, was ist eigentlich mit GMER?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 14:05   #15
Kerry
 
4viren/trojaner - Standard

4viren/trojaner



ach ja sorry


Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-18 16:33:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Kerry\AppData\Local\Temp\fgtyqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     00000000767a1465 2 bytes [7A, 76]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000767a14bb 2 bytes [7A, 76]
.text  ...                                                                                                                                                  * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337512d1                                                                          
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337512d1 (not active ControlSet)                                                      

---- EOF - GMER 2.1 ----
         

Antwort

Themen zu 4viren/trojaner
angezeigt, antivir, compu, computer, exp/java.a.391, html/twitscroll.a, js/blacole.kh.4, tr/dldr.dofoil.r.537, tr/injector.aoq, troja, trojaner, verschiedene




Zum Thema 4viren/trojaner - Hallo, ich habe 4 verschiedene Viren/ Trojaner die mir angezeigt werden Exp/CVE-2013-0422.A.130 Exp/Java.A.391 Tr/Injector.aoq Tr/Dldr.Dofoil.R.537 Die sind jetzt von Antivir in Quarantäne. Was Sollte ich noch tun? Kann mich auch - 4viren/trojaner...
Archiv
Du betrachtest: 4viren/trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.