Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Groupon E-mail mit Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.03.2013, 19:38   #1
seepferd10
 
Groupon E-mail mit Virus - Ausrufezeichen

Groupon E-mail mit Virus



Guten Abend liebe Helfer,
ich habe dasselbe Problem wie ein anderes Mitglied und mir über eine E-mail (die angeblich von Groupon kam) einen Virus eingefangen.
Habe mir Malwarebytes heruntergeladen und scanne gerade meinen PC. Wie muss ich danach weiter vorgehen?

Bitte, bitte helft mir, ich bin hier am Verzweifeln...

Alt 08.03.2013, 19:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Hallo und

Zitat:
Wie muss ich danach weiter vorgehen?
Erstmal das Log von MBAM posten wenn es durch ist
__________________

__________________

Alt 08.03.2013, 20:04   #3
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Hallo und vielen lieben Dank schonmal im Voraus:
hier das Log:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.03.08.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Angie :: ANGIE-PC [Administrator]

Schutz: Deaktiviert

08.03.2013 19:25:42
MBAM-log-2013-03-08 (20-03-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349993
Laufzeit: 37 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Angie\AppData\Local\Temp\nmrcysyblk.pre (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Angie\AppData\Local\Temp\{13CB3-8DF868-8DFC68} (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Angie\AppData\Local\Temp\nbbzhszrrn.pre (Trojan.Downloader.Gen) -> Keine Aktion durchgeführt.

(Ende)
__________________

Alt 08.03.2013, 20:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.03.2013, 10:25   #5
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Hallo

anbei die beide Logfiles:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.03.2013 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,15% Memory free
15,89 Gb Paging File | 13,66 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 572,01 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,15 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Angie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8c4058d017d39a61458f635112f4e394\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://lenovo.msn.comhxxp://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://lenovo.msn.comhxxp://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_deDE463
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 19:16:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 19:16:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.25 01:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions
[2013.01.17 22:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\fuyv1had.default\extensions
[2013.01.17 22:38:23 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\extensions\toolbar@web.de.xpi
[2013.01.17 22:38:41 | 000,000,911 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\searchplugins\11-suche.xml
[2013.01.17 22:38:41 | 000,002,273 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\searchplugins\englische-ergebnisse.xml
[2013.01.17 22:38:41 | 000,010,563 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\searchplugins\gmx-suche.xml
[2013.01.17 22:38:41 | 000,002,432 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\searchplugins\lastminute.xml
[2013.01.17 22:38:41 | 000,005,545 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\mozilla\firefox\profiles\fuyv1had.default\searchplugins\webde-suche.xml
[2013.03.08 17:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 14:24:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 14:57:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 18:53:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 14:57:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 14:57:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 14:57:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 14:57:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3608109509-268345042-4062137763-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\windows\SysNative\xrWCbgnd.dll (Xerox Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3608109509-268345042-4062137763-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF970BE0-B4AD-4DB8-8944-57D614EFDF40}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf592c49-7903-11e1-9d6b-dc0ea16e029f}\Shell - "" = AutoRun
O33 - MountPoints2\{cf592c49-7903-11e1-9d6b-dc0ea16e029f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 19:25:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.08 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2013.03.08 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.08 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 17:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.08 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Programs
[2013.03.08 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Syiliv
[2013.03.08 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Qiyzne
[2013.03.08 14:40:47 | 000,091,136 | ---- | C] (Exiland Software) -- C:\Users\Angie\AppData\Roaming\KB00266615.exe.DAT
[2013.03.08 14:32:12 | 000,000,000 | -H-D | C] -- C:\Users\Angie\AppData\Roaming\109A5C2F
[2013.03.08 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Ufex
[2013.03.08 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Ilonuk
[2013.03.08 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Icybv
[2013.03.07 22:23:15 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Smprc
[2013.03.04 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Angie\Desktop\Wohnung
[2013.02.27 15:07:28 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013.02.27 15:07:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 15:07:28 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013.02.27 15:07:28 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013.02.27 15:07:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013.02.27 15:07:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013.02.27 15:07:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013.02.27 15:07:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 15:07:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 15:07:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 15:07:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 15:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 15:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 15:07:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 15:07:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 15:07:18 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013.02.27 15:07:18 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013.02.27 15:07:18 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 15:07:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 15:07:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 15:07:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 15:07:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 15:07:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 15:07:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 15:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 15:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 15:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 15:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 15:07:17 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013.02.27 15:07:17 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013.02.27 15:07:17 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013.02.27 15:07:17 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013.02.27 15:07:17 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013.02.27 15:07:17 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013.02.27 15:07:17 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013.02.27 15:07:17 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013.02.27 15:07:17 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013.02.27 15:07:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013.02.27 15:07:16 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013.02.27 15:07:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013.02.27 15:07:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013.02.27 14:12:58 | 000,000,000 | ---D | C] -- C:\Users\Angie\Documents\Wohnung
[2013.02.20 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 14:08:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.02.13 14:08:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.02.13 14:08:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.02.13 14:08:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.02.13 14:08:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.02.13 14:08:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.02.13 14:08:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.02.13 14:08:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.02.13 14:08:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.02.13 14:08:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.02.13 14:08:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.02.13 14:08:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.02.13 14:08:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.02.13 14:08:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.02.13 14:08:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.02.13 10:59:59 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.13 10:59:59 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.13 10:59:59 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.13 10:59:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.13 10:59:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.13 10:59:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.13 10:59:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.13 10:59:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.13 10:59:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.13 10:59:53 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 10:18:44 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 10:18:44 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 10:17:45 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.09 10:17:45 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.09 10:17:45 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.09 10:17:45 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.09 10:17:45 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.09 10:12:31 | 000,454,994 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.03.09 10:11:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.09 10:10:41 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 19:25:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.08 19:21:12 | 517,650,140 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.03.08 14:51:48 | 000,091,136 | ---- | M] (Exiland Software) -- C:\Users\Angie\AppData\Roaming\KB00266615.exe.DAT
[2013.02.17 14:55:42 | 000,187,743 | ---- | M] () -- C:\Users\Angie\Desktop\PM_16.02.13.jpg
[2013.02.17 04:33:40 | 000,710,624 | ---- | M] () -- C:\Users\Angie\Desktop\IMAG0584.jpg
[2013.02.14 12:20:47 | 000,428,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.08 19:25:07 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.17 14:55:41 | 000,187,743 | ---- | C] () -- C:\Users\Angie\Desktop\PM_16.02.13.jpg
[2013.02.17 14:48:57 | 000,710,624 | ---- | C] () -- C:\Users\Angie\Desktop\IMAG0584.jpg
[2012.03.28 14:51:21 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.03.28 14:51:21 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012.03.28 14:51:18 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2012.03.28 14:50:10 | 000,000,080 | ---- | C] () -- C:\windows\Brownie.ini
[2011.12.30 13:58:27 | 002,681,344 | ---- | C] () -- C:\windows\SysWow64\dvmsg.dll
[2011.11.29 10:21:22 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.11.29 10:21:22 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.11.29 10:04:39 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.11.29 10:04:39 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.11.29 10:04:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.11.29 10:04:39 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.11.29 10:04:33 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.11.29 09:55:18 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011.11.29 09:55:18 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011.11.29 09:52:20 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.11.29 09:43:32 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.11.29 09:39:57 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.11.29 09:38:48 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.29 09:35:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.11.29 09:35:37 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.11.29 09:35:37 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.03.28 13:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.08 17:28:14 | 000,000,000 | -H-D | M] -- C:\Users\Angie\AppData\Roaming\109A5C2F
[2012.01.24 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Amazon
[2012.06.26 08:35:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2013.03.08 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Icybv
[2013.03.08 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ilonuk
[2012.04.20 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Phase6
[2013.03.08 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Qiyzne
[2013.03.08 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Smprc
[2012.07.06 09:44:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Swiss Academic Software
[2013.03.08 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Syiliv
[2012.09.28 17:55:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Tobit
[2013.03.08 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Ufex
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.03.2013 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,15% Memory free
15,89 Gb Paging File | 13,66 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 572,01 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,15 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
 
Computer Name: ANGIE-PC | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3608109509-268345042-4062137763-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0439598E-D025-42F4-B40D-5937020EE22E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0D5BEBFF-7AF4-460B-A788-97A50DA2D387}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12E5389A-8A9F-405B-B6BE-4395FBF435B8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{29EFEDAC-09E9-44A6-B481-49842C1F86FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2CE00395-AC59-45AB-AE51-39DC8FAE1FB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2DF66C7B-1B9F-468E-B13D-26BB422224C6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3867D7B3-4519-4212-8198-74590419DAED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{47A87483-84C3-4C39-BC6E-2E322CB1832E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{518347FD-4083-4760-B14A-D8D4E9CC3D50}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8AEBD188-2B9B-4E08-92C5-27636DCF2B66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC83C7B7-BEC4-4C3F-8E8C-90F46C3529F9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC6E58AB-0985-4301-AF90-3481EF6E4FD2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CDEA2FE5-D06D-4A81-9BBD-F3AE90ACBA01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFE15CFA-E5A0-4570-BDDA-92EA69B0BD75}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FBABC10F-93F1-4B57-B2FE-834D77855454}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF579493-4D4C-4912-B91D-2422EFD32EB8}" = lport=54925 | protocol=17 | dir=in | name=brother netscan | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0157FA85-4D36-4B30-B227-E29F676D88E9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{02AD4EA5-8BEB-4D26-9BF8-C4A2395D00F6}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{0C70746F-451E-40A8-9E0A-0EECB1FFD555}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1B69F960-34D7-45F7-803C-44BAD45A1B93}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{286F91D5-E803-49B7-8C36-A2919EB3B6B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2CBFD9F3-0C95-48F1-BE21-809684EB2157}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{2F5316CC-72EB-4106-A116-64AFBC309C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{41F6C081-180C-485D-97B1-6291D04ED454}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4546C80C-4FAC-4F50-B0D1-883DE490D0D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8BE60B04-546D-460B-A715-2ACD91B976E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{99558197-C91E-44F8-AE55-5020A21F73AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BEC62BF3-7F3F-4ED6-B681-F186E4683C61}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CD027E64-5117-4B95-B682-60FA5FFAE9F9}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{CDDA3A5C-C74B-4D3A-AA1F-297388900D9A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D3795A34-0C4A-41E4-855D-9529C1095406}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{E8DF17E5-A60D-45E0-B9CA-7AF679C6282A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EB1FAECD-498A-40EB-95F7-27AC8B918B06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{EDFBD23E-C380-4A00-854E-4E02EE436351}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1688CB5-74A8-4372-ACFB-1295298E00BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F7BE6AAD-3F94-4C71-BFCA-17D2637BF1B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FBE8312A-0D8E-4282-B52C-98CA15C4C5F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{BA1542B8-D8B2-4D19-BD09-EAE2B0E464F8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C415027B-BD33-403E-9549-20A99CD6B6FA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{7A390D2C-E64E-4884-9DCF-0CD4044AB481}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E0D31A19-8346-4253-AE9A-557C615596C1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D860FF8-2DA9-816C-514D-8D8EA693B0BB}" = ATI Catalyst Install Manager
"{3FB4DC1E-36CD-5CA3-5DDD-7B4604C63E1B}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BA8EAB0F-8027-D883-713F-1366FD152AE6}" = WMV9/VC-1 Video Playback
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{080F3C1C-721F-4D0F-F9BE-5697D09A55DA}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FCB9A72-EAE6-A30E-5632-136329744FE8}" = CCC Help Russian
"{18D25288-EE3F-3283-781E-0192E80D21BA}" = CCC Help Swedish
"{1FFBF788-F466-F92F-F15B-5C77ACCAC5B5}" = CCC Help Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2468BAE3-7A0B-2022-4EF2-26FD34760D2E}" = Catalyst Control Center Profiles Mobile
"{2534799C-EB5F-2FBB-99B0-715E6B6C565B}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26C18C99-1C29-D52D-4A6B-3B0F4023CC92}" = CCC Help Turkish
"{2C4DC9C3-1128-9478-F370-D1ADA078916C}" = Catalyst Control Center
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49117BC7-700B-0BA6-32E0-6A2140180E7A}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D2769-8885-5ACE-3BD7-4F4FC2BE3C4E}" = Catalyst Control Center Localization All
"{4E9C3C65-B902-FF37-372D-30AAB132AEED}" = CCC Help Chinese Standard
"{512F5625-F021-4F66-E593-5E8E437EF02C}" = CCC Help Thai
"{5925E9CC-644B-2E09-3BB6-D211CF8AB817}" = CCC Help Spanish
"{5D8CA544-4DF8-0F46-5A55-C2221965ECE9}" = CCC Help Finnish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AA30E7C-096D-A63E-F154-8CFA9A609F87}" = CCC Help Hungarian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D080AA9-BECE-5A4D-D594-05AFB953E2D6}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C486BD9-46FD-B7DB-AF0F-9D96391199EB}" = CCC Help French
"{80AACE4D-334F-E171-7A12-5EF7E790ACD9}" = CCC Help Greek
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0527F84-33D7-14CC-5883-E3293026193D}" = CCC Help Japanese
"{A33656AA-5805-F233-2FF2-25173500B7A2}" = PX Profile Update
"{A3825D53-9AB1-057B-50C9-418E03F62F1A}" = CCC Help Norwegian
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5080283-9C24-45A3-A265-94D79DC08D07}" = Brother MFC-5895CW
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABA45151-F635-9FCB-3007-99F627BEA19F}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B70244FC-CE59-F872-CD9E-7DC3E246F14C}" = Catalyst Control Center Graphics Previews Common
"{BD415011-921F-296D-A3F5-E18DD58F2C56}" = CCC Help German
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D4301133-15DE-2726-4A4B-0C4A0F5CB192}" = Catalyst Control Center InstallProxy
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3FD0-1B2D-2DA4-4B1B-932BC92BEA90}" = CCC Help Dutch
"{DDDCC5DC-D9F2-9140-3376-855B68EBA6C5}" = CCC Help Polish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F37CD487-CE8F-29B0-9690-3F0758C10BFB}" = CCC Help Korean
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"dm-Fotowelt" = dm-Fotowelt
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"phase-6" = phase-6 2.3.2b
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.11.2012 13:25:19 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.11.2012 10:31:10 | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2012 10:33:34 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.11.2012 10:33:34 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.11.2012 10:46:19 | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2012 11:17:53 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.11.2012 11:17:53 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.11.2012 16:39:27 | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 16:43:27 | Computer Name = Angie-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 05.11.2012 09:30:52 | Computer Name = Angie-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.03.2013 14:12:08 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 14:12:08 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 14:12:08 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 14:12:08 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 14:13:58 | Computer Name = Angie-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.03.2013 14:17:57 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 08.03.2013 14:21:32 | Computer Name = Angie-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 08.03.2013 14:21:37 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 08.03.2013 15:23:33 | Computer Name = Angie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.03.2013 05:11:25 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
 
< End of report >
         
--- --- ---


Alt 10.03.2013, 15:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Groupon E-mail mit Virus

Alt 10.03.2013, 17:16   #7
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Hi,

anbei das erste Log von GMER - das zweite lasse ich jetzt laufen.

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 17:13:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Angie\AppData\Local\Temp\uglorpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000075471465 2 bytes [47, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000754714bb 2 bytes [47, 75]
.text  ...                                                                                                                               * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075471465 2 bytes [47, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000754714bb 2 bytes [47, 75]
.text  ...                                                                                                                               * 2
.text  C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075471465 2 bytes [47, 75]
.text  C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000754714bb 2 bytes [47, 75]
.text  ...                                                                                                                               * 2
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075471465 2 bytes [47, 75]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000754714bb 2 bytes [47, 75]
.text  ...                                                                                                                               * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                   

---- EOF - GMER 2.1 ----
         
--- --- ---


Vielen lieben Dank

Guten Abend

anbei die beiden Logs von den beiden Scans:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Angie :: ANGIE-PC [administrator]

10.03.2013 18:12:01
mbar-log-2013-03-10 (18-12-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31067
Time elapsed: 47 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Users\Angie\AppData\Local\Temp\nmrcysyblk.pre (Trojan.Ransom.ED) -> Delete on reboot.
c:\Users\Angie\AppData\Local\Temp\{13CB3-8DF868-8DFC68} (Trojan.Ransom.ED) -> Delete on reboot.
c:\Users\Angie\AppData\Local\Temp\nbbzhszrrn.pre (Trojan.Downloader.Gen) -> Delete on reboot.

(end)
         

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Angie :: ANGIE-PC [administrator]

10.03.2013 19:17:00
mbar-log-2013-03-10 (19-17-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31009
Time elapsed: 59 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
LG Angie

Alt 10.03.2013, 20:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 21:44   #9
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Hi,
bekomme immer wieder (habe es dreimal versucht) diese Fehlmeldung - nachdem ich Scan gedrückt habe (nach ein paar Minuten):

avast! Antirootkit funktioniert nicht mehr
Windows kann online nach einer Lösung für das Problem suchen.

Soll ich trotzdem TDSSKiller ausführen?

Danke für deine Hilfe!

Geändert von seepferd10 (10.03.2013 um 22:07 Uhr)

Alt 10.03.2013, 22:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 22:15   #11
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



So hier wieder der Log:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 22:11:40
-----------------------------
22:11:40.794    OS Version: Windows x64 6.1.7601 Service Pack 1
22:11:40.794    Number of processors: 4 586 0x2A07
22:11:40.794    ComputerName: ANGIE-PC  UserName: Angie
22:11:42.307    Initialize success
22:11:50.659    AVAST engine defs: 13031001
22:12:05.916    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:12:05.916    Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
22:12:05.963    Disk 0 MBR read successfully
22:12:05.963    Disk 0 MBR scan
22:12:05.979    Disk 0 Windows 7 default MBR code
22:12:05.979    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
22:12:06.010    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       670402 MB offset 411648
22:12:06.010    Disk 0 Partition - 00     0F Extended LBA             29693 MB offset 1373394944
22:12:06.057    Disk 0 Partition 3 00     12  Compaq diag NTFS        15108 MB offset 1434206208
22:12:06.103    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29692 MB offset 1373396992
22:12:06.150    Disk 0 scanning C:\windows\system32\drivers
22:12:15.590    Service scanning
22:13:01.019    Modules scanning
22:13:01.549    Disk 0 trace - called modules:
22:13:01.565    
22:13:01.565    Scan finished successfully
22:13:22.273    Disk 0 MBR has been saved successfully to "C:\Users\Angie\Desktop\MBR.dat"
22:13:22.273    The log file has been saved successfully to "C:\Users\Angie\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 22:11:40
-----------------------------
22:11:40.794    OS Version: Windows x64 6.1.7601 Service Pack 1
22:11:40.794    Number of processors: 4 586 0x2A07
22:11:40.794    ComputerName: ANGIE-PC  UserName: Angie
22:11:42.307    Initialize success
22:11:50.659    AVAST engine defs: 13031001
22:12:05.916    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:12:05.916    Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
22:12:05.963    Disk 0 MBR read successfully
22:12:05.963    Disk 0 MBR scan
22:12:05.979    Disk 0 Windows 7 default MBR code
22:12:05.979    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
22:12:06.010    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       670402 MB offset 411648
22:12:06.010    Disk 0 Partition - 00     0F Extended LBA             29693 MB offset 1373394944
22:12:06.057    Disk 0 Partition 3 00     12  Compaq diag NTFS        15108 MB offset 1434206208
22:12:06.103    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29692 MB offset 1373396992
22:12:06.150    Disk 0 scanning C:\windows\system32\drivers
22:12:15.590    Service scanning
22:13:01.019    Modules scanning
22:13:01.549    Disk 0 trace - called modules:
22:13:01.565    
22:13:01.565    Scan finished successfully
22:13:22.273    Disk 0 MBR has been saved successfully to "C:\Users\Angie\Desktop\MBR.dat"
22:13:22.273    The log file has been saved successfully to "C:\Users\Angie\Desktop\aswMBR.txt"
22:13:59.924    Disk 0 MBR has been saved successfully to "C:\Users\Angie\Desktop\MBR.dat"
22:13:59.940    The log file has been saved successfully to "C:\Users\Angie\Desktop\aswMBR.txt"
         

Alt 10.03.2013, 22:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Ok, was ist mit dem anderen Log?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 22:17   #13
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Kommt gleich...

Alt 10.03.2013, 22:19   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 22:21   #15
seepferd10
 
Groupon E-mail mit Virus - Standard

Groupon E-mail mit Virus



Bei dem nächsten Scan wurden keine infizierten Objekte gefunden...

Und gerade hat sich mein PC (blauer Bildschirm) von selbst heruntergefahren und wieder neu gestartet - dann kam die Meldung "Windows wird nach unerwartetem Herunterfahren wieder ausgeführt.

Antwort

Themen zu Groupon E-mail mit Virus
abend, anderes, angeblich, dasselbe, e-mail, groupon, groupon trojaner, guten, helfer, helft, liebe, malwarebytes, mitglied, problem, scan, scanne, verzweifel, virus, vorgehen



Ähnliche Themen: Groupon E-mail mit Virus


  1. Windows 7 64bit - Bitdefender findet bereits 37 infizierte Dateien, Groupon E-Mail geöffnet
    Log-Analyse und Auswertung - 24.09.2013 (11)
  2. Groupon Virus/Trojaner
    Log-Analyse und Auswertung - 29.05.2013 (74)
  3. Von Trojaner in Groupon Mail erwischt!
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (19)
  4. Groupon Trojaner
    Log-Analyse und Auswertung - 26.03.2013 (9)
  5. Groupon Trojaner.
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (29)
  6. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (11)
  7. Infizierung von Trojan.Agent.Gen nach Groupon Mail
    Log-Analyse und Auswertung - 21.03.2013 (7)
  8. Groupon-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (10)
  9. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2013 (16)
  10. 2x | Groupon Trojaner
    Mülltonne - 13.03.2013 (5)
  11. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (24)
  12. Suspicious.cloud.5 (groupon virus)
    Log-Analyse und Auswertung - 11.03.2013 (3)
  13. Groupon Virus hat Desktop gesperrt
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  14. 2x|Groupon Virus eingefangen, Desktop gesperrt
    Mülltonne - 10.03.2013 (1)
  15. Groupon E-mail Anhang mit dem Handy geöffnet
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (3)
  16. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (13)
  17. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (5)

Zum Thema Groupon E-mail mit Virus - Guten Abend liebe Helfer, ich habe dasselbe Problem wie ein anderes Mitglied und mir über eine E-mail (die angeblich von Groupon kam) einen Virus eingefangen. Habe mir Malwarebytes heruntergeladen und - Groupon E-mail mit Virus...
Archiv
Du betrachtest: Groupon E-mail mit Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.