Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bprotector entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.04.2013, 10:02   #1
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Hallo liebes Team,

wäre schön, wenn mir jemand helfen könnte. Falls ich etwas nicht genau genug beschreibe, vergebt mir, ich bin ein Neuling.

Mein Virenprogramm ist Avast. Gestern habe ich SuperAntispyware installiert, welches mir dann sogleich den bProtector anzeigte. Er wurde dann in Quarantäne verschoben und gelöscht.

Beim googlen nach dem bProtector bin ich dann darauf gestoßen, das immer wieder empfohlen wurde, den ADWcleaner zu installieren und das Ergebnis zu posten. Ich habe ihn installiert, wollte aber erst abwarten, was mir empfohlen wird.

Vielen Dank für Eure Hilfe.

Alt 29.04.2013, 10:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 29.04.2013, 10:56   #3
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Hallo und danke für die Hilfe,

aus Unwissenheit ist die Log Datei von gestern gar nicht gespeichert. Ich hatte AntiSpyware jetzt nochmal gestartet, habe es jetzt aber gestoppt.
Ansonsten habe ich keine Logs gefunden. Tut mir leid. Ich hoffe, es klappt trotzdem.

Hier vom ADWCleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 29/04/2013 um 10:26:04 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Downloads\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\searchplugins\claro.xml
Datei Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Public\Desktop\iLivid.lnk
Ordner Gefunden : C:\Program Files\adawaretb
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\adawaretb
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\search protection
Ordner Gefunden : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\3onebcgf.default\adawaretb
Ordner Gefunden : C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\fpf7ybj1.default\adawaretb
Ordner Gefunden : C:\Users\xx\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\xxx\AppData\Local\Conduit
Ordner Gefunden : C:\Users\xxx\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\xxx\AppData\LocalLow\adawaretb
Ordner Gefunden : C:\Users\xxx\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\adawaretb
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\CT2319825
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\software@loadtubes.com
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\Smartbar
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\5b55dd8fb23ce413
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\prefs.js

Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.autoRvrt", "false");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "0c3f608b000000000000002433e8aec4");
Gefunden : user_pref("extensions.claro.instlDay", "15713");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.rvrt", "false");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gefunden : user_pref("extensions.claro_i.excTlbr", false);
Gefunden : user_pref("extensions.claro_i.newTab", false);
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.8.513:30:25");

Datei : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\3onebcgf.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\fpf7ybj1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.34] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gefunden [l.37] : keyword = "search.conduit.com",
Gefunden [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2319825",

*************************

AdwCleaner[R1].txt - [9474 octets] - [29/04/2013 10:26:04]

########## EOF - C:\AdwCleaner[R1].txt - [9534 octets] ##########
         
--- --- ---

[/CODE]


Danke
__________________

Alt 29.04.2013, 12:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.04.2013, 21:31   #5
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Hallo,
hier die Logs

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.04.2013 14:54:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,77% Memory free
5,93 Gb Paging File | 3,59 Gb Available in Paging File | 60,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 203,47 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\Downloads\AdwCleaner.exe ()
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft.)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
PRC - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\Downloads\AdwCleaner.exe ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys (Cyberlink Corp.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AVPolCIR) -- C:\Windows\System32\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AVerPola) -- C:\Windows\System32\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B4A998E2C741F500CF7A36516C5CDC1D
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 22 A4 4C DF 9B CD 01  [binary data]
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=0213_8&babsrc=SP_clro&mntrId=0c3f608b000000000000002433e8aec4
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=B4A998E2C741F500CF7A36516C5CDC1D&q={searchTerms}
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.0.9
FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B4A998E2C741F500CF7A36516C5CDC1D"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.28 01:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.14 21:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 22:03:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 15:36:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.14 21:53:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 22:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 15:36:15 | 000,000,000 | ---D | M]
 
[2012.07.30 23:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.15 22:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions
[2013.01.14 22:05:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.10 20:54:46 | 000,000,000 | ---D | M] (Winload) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2013.04.15 22:02:49 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.02.02 10:37:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.27 22:54:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.26 21:46:54 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.01.23 21:30:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.15 22:03:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.10.11 12:11:53 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\software@loadtubes.com
[2013.01.14 22:05:22 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\autopager@mozilla.org.xpi
[2012.12.25 16:41:36 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\dendzones@captaincaveman.nl.xpi
[2012.08.29 21:19:45 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\extension@ciuvo.com.xpi
[2013.02.01 16:07:12 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\firebug@software.joehewitt.com.xpi
[2012.12.25 16:41:36 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\smarterwiki@wikiatic.com.xpi
[2012.07.31 00:28:08 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\wisestamp@wisestamp.com.xpi
[2013.02.02 16:07:07 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.01 16:07:11 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.10 20:45:53 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.08 14:30:26 | 000,001,300 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\searchplugins\claro.xml
[2012.10.11 12:13:04 | 000,000,907 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\searchplugins\conduit.xml
[2013.02.02 11:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 10:07:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.28 22:10:41 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2013.04.15 22:03:00 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2013.03.30 10:07:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.08 14:30:06 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.03.30 10:07:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.30 10:07:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.30 10:07:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.30 10:07:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.30 10:07:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2319825
CHR - default_search_provider: suggest_url = ,
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Wetter (Erweiterung) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: WOT = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: eBay Extension f\u00FCr Google Chrome\u2122 (von eBay) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.6.10_0\
CHR - Extension: SecureSearch = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Facebook Lite for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npmllfhdnjcijofddghkhhknagamimip\2.1.5.27030_0\
CHR - Extension: Google Calendar Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Miriam\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5940853-09EB-450B-9C58-0EB764C1D70E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261040~1.25\{c16c1~1\browse~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.29 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Computer
[2013.04.28 22:18:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.28 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.28 22:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.28 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.25 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.25 13:10:45 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.25 13:10:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.25 13:10:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.25 13:10:41 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.24 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2013.04.24 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2013.04.23 20:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.15 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.15 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.15 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.15 22:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.15 22:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.04.15 22:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.15 22:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013.04.15 22:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.04.15 22:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013.04.15 22:03:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.15 22:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.15 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.04.15 22:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013.04.15 22:01:31 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.04.15 22:01:31 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.04.15 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.15 11:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013.04.15 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Glarysoft
[2013.04.15 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2013.04.15 11:57:19 | 006,680,408 | ---- | C] (Glarysoft Ltd                                               ) -- C:\Users\Miriam\Desktop\Glary_Utilities_v2-54-0-1759.exe
[2013.04.15 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ProgrammeNEU
[2013.04.15 11:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.04.15 11:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.15 11:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.15 11:37:04 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.04.15 11:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.10 22:56:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 22:56:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 22:56:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 22:56:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 22:56:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 22:56:39 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 22:56:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 22:56:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 10:56:50 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 10:56:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 10:56:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 10:56:38 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 10:56:37 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 10:56:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.29 14:19:04 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b8f96cc8-ee45-4c6f-8a67-c803e835c708.job
[2013.04.29 14:19:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001UA.job
[2013.04.29 14:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.29 14:10:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 08:04:33 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.29 08:04:26 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.29 08:04:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.29 08:04:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.29 07:02:14 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 07:02:14 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 06:54:04 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 07d38fe0-21af-4df4-9437-a8be403c5f28.job
[2013.04.29 06:53:57 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.28 22:18:26 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.28 21:47:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013.04.27 15:19:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001Core.job
[2013.04.25 21:54:15 | 000,021,035 | ---- | M] () -- C:\Users\***\Documents\FacebookFabian.odt
[2013.04.25 13:10:36 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.25 13:10:33 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.25 13:10:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.25 13:10:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.25 13:10:31 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.25 13:10:31 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.19 20:12:14 | 000,000,680 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013.04.16 13:03:16 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.16 13:03:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.16 08:10:01 | 000,298,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.15 22:01:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.04.15 22:01:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.04.15 11:58:00 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2013.04.15 11:58:00 | 000,000,141 | ---- | M] () -- C:\Users\***\Desktop\Glarysoft Giveaway.url
[2013.04.15 11:57:26 | 006,680,408 | ---- | M] (Glarysoft Ltd                                               ) -- C:\Users\***\Desktop\Glary_Utilities_v2-54-0-1759.exe
[2013.04.09 15:11:10 | 000,020,369 | ---- | M] () -- C:\Users\***\Documents\Lebenslauf **.odt
[2013.04.09 14:18:39 | 000,656,782 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.09 14:18:39 | 000,618,624 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.09 14:18:39 | 000,131,220 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.09 14:18:39 | 000,107,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.04.28 22:19:12 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b8f96cc8-ee45-4c6f-8a67-c803e835c708.job
[2013.04.28 22:19:09 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 07d38fe0-21af-4df4-9437-a8be403c5f28.job
[2013.04.28 22:18:26 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.28 21:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013.04.25 21:54:13 | 000,021,035 | ---- | C] () -- C:\Users\***\Documents\FacebookFabian.odt
[2013.04.15 22:04:13 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.15 11:58:03 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.15 11:58:00 | 000,001,020 | ---- | C] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2013.04.15 11:58:00 | 000,000,141 | ---- | C] () -- C:\Users\***\Desktop\Glarysoft Giveaway.url
[2013.04.15 11:52:10 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.04.15 11:37:12 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.09 15:11:08 | 000,020,369 | ---- | C] () -- C:\Users\***\Documents\Lebenslauf **.odt
[2013.03.28 01:05:44 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.28 01:05:43 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.03.25 18:37:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.25 18:37:20 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.02.14 21:46:43 | 000,226,628 | ---- | C] () -- C:\Windows\hpoins18.dat
[2013.02.14 21:46:43 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012.12.25 14:00:53 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2012.12.25 14:00:53 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2012.12.25 14:00:43 | 000,598,016 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2012.12.25 14:00:43 | 000,307,200 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2012.12.25 14:00:43 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2012.12.25 14:00:43 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2012.12.25 14:00:43 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2012.12.25 14:00:43 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2012.12.25 14:00:43 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2012.11.26 22:25:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.10.16 14:06:24 | 000,001,350 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.09.13 12:53:04 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012.09.02 19:51:20 | 000,019,569 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.09.02 17:23:35 | 000,002,090 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.07.30 23:31:22 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.07.30 22:56:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.21 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\.minecraft
[2013.04.19 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ad-Aware Antivirus
[2012.09.20 20:42:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MyPhoneExplorer
[2012.08.10 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2013.03.28 19:12:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2013.04.16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Ad-Aware Antivirus
[2012.09.14 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\F-Secure
[2012.07.31 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org
[2013.02.12 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\pdfforge
[2013.03.28 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TuneUp Software
[2013.04.15 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.08.31 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\becker
[2013.02.12 18:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.09.28 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2012.12.26 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataCast
[2012.11.27 23:02:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.11.27 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.07 10:00:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure
[2013.04.15 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Glarysoft
[2012.09.28 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2012.11.10 23:57:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2012.07.31 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.28 19:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.01.09 10:08:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PerformerSoft
[2012.12.12 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2013.04.24 14:10:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2013.03.27 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


[/CODE]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.04.2013 14:54:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,77% Memory free
5,93 Gb Paging File | 3,59 Gb Available in Paging File | 60,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 203,47 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B599C9D-1D30-45A4-A846-EAC0A10C6CE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3704C960-4723-49F7-AF93-D7EB4378B05C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DAB0FBD-F3BB-4BA5-AD12-CDCB46148FEC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{45DD84EE-9528-426D-B7CE-C92A48C2F044}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50140659-3234-4545-9060-B70DFEA198A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53E8D552-7D14-466D-8FD8-1121FE7929A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{554AC6E5-2415-4009-979C-31A544DAC8B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6ECF7D73-2054-4F3A-8268-308C4ABE3369}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75CBF18E-0BDD-436E-8BE3-E005983EA511}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{824C7C4C-C6EB-4DFB-BB7E-C6981869652E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{88A51224-99FF-403C-AAB5-84F56AAC5878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99D19777-E268-487A-9E34-1B998DFA4FEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4CF9981-52ED-4632-BEE5-C9FA9408ED3C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7DD3AA5-3B1E-4EA4-BF27-5AD7EE44B521}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{AEB03589-B406-44E8-ACE1-1A7CC4703104}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B03E5D86-C361-49C8-82FF-1C417DB9C799}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B10B9176-E2EA-4E9C-9C5E-3CAAB6DDA9CA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B65C13C1-CD8C-4473-BA9C-EC9C3DA9BC9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C7624BDB-356B-45EE-9C4A-C3234D32F5FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CEBD00FE-90BE-4F1F-A228-E41E41515355}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5A1FB4D-44A1-498F-982D-4440195E93E6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6882D8B-8A5E-4EF6-8249-60E0954CC11D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DC3DE068-6A9F-4FCA-B9F1-1B3421B29A88}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8ACC6FE-C8E1-4886-9E97-DFF328CF6F09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A60951-0153-4E95-9C0B-AD7DE27B9CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C227153-EF2A-48CB-999C-184DF63B1609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D7449CE-5C73-437C-89A7-27E455702A38}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12.exe | 
"{11B400C5-B8A5-4D98-9DBC-8551859056F3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{123AB7C5-F0A9-4D97-889F-B1E1BE6630EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{15BD1362-375F-49B1-A3BA-2067BE42387F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{178A59DC-B003-4E22-BD77-8AA84761E42A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18DE730A-299F-429F-BBB3-89B8138C2EEC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{1B683190-7903-4487-8CDC-71A227994FFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{229DCFD7-5143-42C3-8F7E-5BAA8AEC5D41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2467F451-F474-41E2-A584-78A2BFBDEEF9}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{2E1788B2-8448-497C-9ACA-AECE8EF1294B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E5050B0-DE09-4566-B78A-4A0E0E27EC1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43D7C0AF-CC9A-4B65-B602-F2F7805429ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{454482C7-5D86-42BF-95F9-BCE8B09AAEC2}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{4F74CF38-EFC8-4502-B5E6-2B998542E52B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{685C308C-6386-4813-B5CB-ADD241155BDD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{6BF44B4C-A095-40D4-BE27-D426A8C499A7}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{78AE4D06-86F7-4CA5-B39C-8733ACFCF27A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79E2E2B9-F037-4E5B-970D-F6FF368658E1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7C1CB1F6-8462-4754-BDCC-0CEF084F964F}" = dir=in | app=c:\program files\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{7DEFEFA4-63A2-4885-A1BF-C72BD934AC04}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{8E08F500-28D0-417F-A31C-FEC620BC6EFB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{909843D5-992E-45B0-81FB-30A424B98C33}" = protocol=6 | dir=out | app=system | 
"{945955D4-07A8-4616-810D-0E4CD568B2BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9549CE2E-B504-49EA-80B2-6EA5DD43D082}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{A4FAC013-DD56-440D-9460-8A818EDFF001}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{AD894FFC-6812-4B9F-BFE1-613E8C35FE5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B382C7C9-A494-4230-9E69-3B7D8EDC61E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF83B2A5-8DCD-4E54-AD49-953FA380120F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{D18BF811-EF2B-4B8C-BBB0-2FE62332EDFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2F68CF8-040A-4A9C-9D54-1D24F380F31F}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{DA9F6318-9A34-464E-A985-C97A41DEFFB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F17F9E50-F6F9-40BF-AF6C-7D3D5BFB38E5}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F6544D9A-FE7B-4225-A580-7E800BA7AFDD}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{F6EC23A6-56F7-4CE9-AEC2-E8FEAB126474}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF0154EE-160C-4217-9AEB-CDBFBC80CC32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{58D649D8-0405-4704-8C14-CEA3ACF98FFB}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{5A6A9961-5663-4008-B814-92BB45A55169}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D241903A-6C03-4699-9EE6-38A3F2C39BB6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{1AD9E4DB-2B3A-4FF9-B063-938E49131E06}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{95CE94C7-FF7D-4C92-A488-12D892A9E724}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{DC8E9920-71C6-43BE-B902-3EBE14C2B120}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AudibleDownloadManager" = Audible Download Manager
"avast" = avast! Free Antivirus
"AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0
"AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.0.25
"Brick-Force" = Brick-Force 
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Content Manager 2" = Content Manager 2
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"GIMP-2_is1" = GIMP 2.8.2
"Glary Utilities_is1" = Glary Utilities 2.54.0.1759
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"MAGIX mp3 maker SE" = MAGIX mp3 maker SE
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.4
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2013 17:19:16 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.04.2013 17:19:16 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8814
 
Error - 28.04.2013 17:19:16 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8814
 
Error - 28.04.2013 17:19:17 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.04.2013 17:19:17 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9813
 
Error - 28.04.2013 17:19:17 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9813
 
Error - 28.04.2013 17:19:18 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.04.2013 02:04:29 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Canon\Solution
 Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.04.2013 02:04:29 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Canon\Solution
 Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.04.2013 02:04:34 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Spybot - Search and Destroy Events ]
Error - 15.04.2013 06:36:01 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 15.01.2013 13:55:33 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2013 14:04:10 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2013 15:37:30 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2013 15:37:41 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2013 07:08:31 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.01.2013 07:08:31 | Computer Name =***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2013 12:40:05 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.01.2013 12:40:05 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.01.2013 07:09:39 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.01.2013 07:09:39 | Computer Name =***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---


[/CODE]


Danke


Alt 30.04.2013, 14:05   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> bprotector entfernen

Alt 30.04.2013, 23:18   #7
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Hier nach Anweisung ausgeführt:

Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-30 23:03:35
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9SA00 rev.PB4OC64G 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\ugdiypod.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82043A09 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           8207D1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e8aec4                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e8aec4@0025e5d87d83         0xE4 0xF2 0xAC 0x9F ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e8aec4@6c8336c4050d         0xCA 0x76 0xFE 0x72 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e8aec4 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e8aec4@0025e5d87d83             0xE4 0xF2 0xAC 0x9F ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e8aec4@6c8336c4050d             0xCA 0x76 0xFE 0x72 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Miriam :: MIRIAM-PC [administrator]

30.04.2013 23:28:30
mbar-log-2013-04-30 (23-28-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29530
Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\Users\***\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Delete on reboot.
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 13
c:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\**\AppData\Local\Temp\~tmp747042629579012548.exe (Trojan.Inject) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\***\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.

(end)
         

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

30.04.2013 23:58:31
mbar-log-2013-04-30 (23-58-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29519
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 01.05.2013, 01:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.05.2013, 21:21   #9
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Logfile nach Combofix


Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-05-01.03 - *** 01.05.2013  21:23:13.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3039.1967 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\pthreadVC.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-01 bis 2013-05-01  ))))))))))))))))))))))))))))))
.
.
2013-05-01 19:32 . 2013-05-01 19:33	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-05-01 19:32 . 2013-05-01 19:32	--------	d-----w-	c:\users\**\AppData\Local\temp
2013-05-01 19:32 . 2013-05-01 19:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-01 19:32 . 2013-05-01 19:32	--------	d-----w-	c:\users\*\AppData\Local\temp
2013-04-30 22:38 . 2013-04-30 22:38	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 21:14 . 2013-04-30 21:14	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-28 20:18 . 2013-04-28 20:18	--------	d-----w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2013-04-28 20:18 . 2013-04-28 20:18	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-28 20:18 . 2013-04-28 20:18	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-25 11:11 . 2013-04-25 11:11	--------	d-----w-	c:\program files\Common Files\Java
2013-04-25 11:10 . 2013-04-25 11:10	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 12:35 . 2013-04-24 12:35	--------	d-----w-	c:\users\***\AppData\Roaming\InstallShield
2013-04-24 12:09 . 2013-04-24 12:10	--------	d-----w-	c:\users\***\AppData\Roaming\TeamViewer
2013-04-23 18:49 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 18:46 . 2013-04-23 18:46	--------	d-----w-	c:\program files\Common Files\Skype
2013-04-19 18:13 . 2013-04-19 18:13	--------	d-----w-	c:\users\*\AppData\Roaming\Ad-Aware Antivirus
2013-04-19 18:12 . 2013-04-19 18:13	--------	d-----w-	c:\users\*\AppData\Local\adawarebp
2013-04-16 06:29 . 2013-04-16 20:08	--------	d-----w-	c:\users\**\AppData\Roaming\Ad-Aware Antivirus
2013-04-16 06:29 . 2013-04-16 06:29	--------	d-----w-	c:\users\**\AppData\Local\adawarebp
2013-04-15 20:10 . 2013-04-15 20:10	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-04-15 20:10 . 2013-04-15 20:10	--------	d-----w-	c:\users\***\AppData\Roaming\LavasoftStatistics
2013-04-15 20:04 . 2013-04-15 20:04	--------	d-----w-	c:\programdata\Lavasoft
2013-04-15 20:04 . 2013-04-15 20:11	--------	d-----w-	c:\program files\Ad-Aware Antivirus
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\programdata\Downloaded Installations
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\programdata\Search Protection
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\users\***\AppData\Local\adawarebp
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\programdata\blekko toolbars
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\programdata\adawaretb
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-04-15 20:03 . 2013-04-15 20:03	--------	d-----w-	c:\program files\Toolbar Cleaner
2013-04-15 20:02 . 2013-04-15 20:03	--------	d-----w-	c:\program files\adawaretb
2013-04-15 20:01 . 2013-04-15 20:01	44424	----a-w-	c:\windows\system32\sbbd.exe
2013-04-15 20:01 . 2013-04-15 20:01	13560	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-04-15 20:01 . 2013-04-15 20:44	--------	d-----w-	c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2013-04-15 09:57 . 2013-04-15 10:09	--------	d-----w-	c:\users\***\AppData\Roaming\Glarysoft
2013-04-15 09:57 . 2013-04-15 09:58	--------	d-----w-	c:\program files\Glary Utilities
2013-04-15 09:52 . 2013-04-15 09:52	--------	d-----w-	c:\program files\TeamViewer
2013-04-15 09:37 . 2013-05-01 19:07	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-15 09:37 . 2009-01-25 10:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-04-15 09:36 . 2013-04-15 09:37	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-04-10 08:56 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 08:56 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 08:56 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 08:56 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 08:56 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 08:56 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 08:56 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 08:56 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-10 08:56 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 11:10 . 2012-08-24 18:29	788896	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-25 11:10 . 2012-08-24 18:29	866720	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-16 11:03 . 2012-07-31 13:30	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-16 11:03 . 2012-07-31 13:30	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2013-03-27 23:05	164736	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-27 23:05	49248	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2012-10-03 19:49	368176	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-10-03 19:49	62376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-10-03 19:49	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-10-03 19:49	60656	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-10-03 19:49	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-10-03 19:49	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-10-03 19:47	41664	----a-w-	c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-10-03 19:47	228600	----a-w-	c:\windows\system32\aswBoot.exe
2013-02-12 04:48 . 2013-03-13 17:37	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:37	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 20:42	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-05 08:54 . 2013-03-25 16:37	37344	----a-w-	c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2013-03-25 16:37	233472	----a-w-	c:\windows\system32\FsUsbExService.Exe
2013-02-05 08:52 . 2009-04-16 12:24	491520	----a-w-	c:\windows\system32\muzapp.dll
2013-02-05 08:52 . 2009-04-16 12:24	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2013-02-05 08:52 . 2009-04-16 12:24	172032	----a-w-	c:\windows\system32\muzapp.exe
2013-03-30 08:07 . 2013-02-02 09:15	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47	87464	----a-w-	c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_26E26F05662789E00DFEAF36917849F2"="c:\users\***\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"PowerDVD12DMREngine"="c:\program files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="c:\program files\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-04-15 168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-12-25 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-12-25 651264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/01/08 13:15];c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [x]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 11:03]
.
2013-05-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-04-15 15:21]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 11:49]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 11:49]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 18:58]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 18:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B4A998E2C741F500CF7A36516C5CDC1D
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B4A998E2C741F500CF7A36516C5CDC1D
FF - ExtSQL: !HIDDEN! 2013-02-14 20:53; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 0c3f608b000000000000002433e8aec4
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15713
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.513:30
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-01  21:34:33
ComboFix-quarantined-files.txt  2013-05-01 19:34
.
Vor Suchlauf: 18 Verzeichnis(se), 223.125.479.424 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 223.271.976.960 Bytes frei
.
- - End Of File - - 4E7BE0087522A7D13006D12438D1D2C8
         
--- --- ---

Alt 01.05.2013, 21:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.05.2013, 22:53   #11
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Alles abgearbeitet...



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x86
Ran by Miriam on 01.05.2013 at 23:07:33,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Failed to delete: [Folder] "C:\ProgramData\search protection"
Failed to delete: [Folder] "C:\ProgramData\application data\search protection"
Successfully deleted: [Folder] "C:\Users\Miriam\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Miriam\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Miriam\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Miriam\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Miriam\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Miriam\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Miriam\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\conduit"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\user.js
Successfully deleted: [File] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\smartbar
Successfully deleted: [Folder] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\software@loadtubes.com
Failed to delete: [Folder] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted: [Folder] C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\prefs.js

user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.autoRvrt", "false");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "0c3f608b000000000000002433e8aec4");
user_pref("extensions.claro.instlDay", "15713");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.rvrt", "false");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.8.5");
user_pref("extensions.claro.vrsni", "1.8.8.5");
user_pref("extensions.claro_i.excTlbr", false);
user_pref("extensions.claro_i.newTab", false);
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.8.513:30:25");
user_pref("browser.search.selectedEngine", "SecureSearch");
user_pref("browser.startup.homepage", "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=B4A998E2C741F500CF7A36516C5CDC1D");
Emptied folder: C:\Users\Miriam\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2013 at 23:09:24,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 01/05/2013 um 23:12:41 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner (1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\searchplugins\claro.xml
Datei Gefunden : C:\Users\Public\Desktop\iLivid.lnk
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\ProgramData\search protection
Ordner Gefunden : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\3onebcgf.default\adawaretb
Ordner Gefunden : C:\Users\**\AppData\LocalLow\adawaretb
Ordner Gefunden : C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\fpf7ybj1.default\adawaretb
Ordner Gefunden : C:\Users\**\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\***\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\adawaretb
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\CT2319825
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\5b55dd8fb23ce413
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\3onebcgf.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\fpf7ybj1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.37] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gefunden [l.40] : keyword = "search.conduit.com",
Gefunden [l.44] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2319825",

*************************

AdwCleaner[R1].txt - [9603 octets] - [29/04/2013 10:26:04]
AdwCleaner[R2].txt - [4422 octets] - [01/05/2013 23:12:41]

########## EOF - C:\AdwCleaner[R2].txt - [4482 octets] ##########
         
--- --- ---

[/CODE]


Code:
ATTFilter
logfile created on: 01.05.2013 23:17:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Miriam\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,32% Memory free
5,93 Gb Paging File | 4,19 Gb Available in Paging File | 70,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 207,77 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\***\Downloads\adwcleaner (1).exe ()
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft.)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Programme\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
PRC - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\Downloads\adwcleaner (1).exe ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Programme\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys (Cyberlink Corp.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AVPolCIR) -- C:\Windows\System32\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AVerPola) -- C:\Windows\System32\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 22 A4 4C DF 9B CD 01  [binary data]
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.0.9
FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.28 01:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.14 21:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 22:03:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.30 23:31:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.14 21:53:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 22:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.30 23:31:07 | 000,000,000 | ---D | M]
 
[2012.07.30 23:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.01 23:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions
[2013.01.14 22:05:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.10 20:54:46 | 000,000,000 | ---D | M] (Winload) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2013.05.01 23:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.02.02 10:37:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.26 21:46:54 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.01.23 21:30:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a042n12q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.14 22:05:22 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\autopager@mozilla.org.xpi
[2012.12.25 16:41:36 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\dendzones@captaincaveman.nl.xpi
[2012.08.29 21:19:45 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\extension@ciuvo.com.xpi
[2013.02.01 16:07:12 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\firebug@software.joehewitt.com.xpi
[2012.12.25 16:41:36 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\smarterwiki@wikiatic.com.xpi
[2012.07.31 00:28:08 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\wisestamp@wisestamp.com.xpi
[2013.02.02 16:07:07 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.01 16:07:11 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.10 20:45:53 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.08 14:30:26 | 000,001,300 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a042n12q.default\searchplugins\claro.xml
[2013.02.02 11:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 10:07:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.30 10:07:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.30 10:07:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.30 10:07:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.30 10:07:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.30 10:07:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.30 10:07:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2319825
CHR - default_search_provider: suggest_url = ,
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Wetter (Erweiterung) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: WOT = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: eBay Extension f\u00FCr Google Chrome\u2122 (von eBay) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.6.10_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Facebook Lite for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npmllfhdnjcijofddghkhhknagamimip\2.1.5.27030_0\
CHR - Extension: Google Calendar Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
 
O1 HOSTS File: ([2013.05.01 21:32:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-699669428-1510781343-25146314-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5940853-09EB-450B-9C58-0EB764C1D70E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.01 23:07:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.01 23:07:09 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.01 21:50:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.01 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\temp
[2013.05.01 21:10:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.01 21:10:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.01 21:10:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.01 20:40:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.01 20:38:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.01 00:40:09 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.01 00:40:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.01 00:40:09 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.01 00:40:09 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.01 00:40:09 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.01 00:40:09 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.01 00:40:09 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.01 00:40:09 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.01 00:40:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.01 00:40:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.01 00:40:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.01 00:40:09 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.01 00:40:09 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.01 00:40:09 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.01 00:40:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.01 00:40:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.01 00:40:09 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.01 00:40:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.01 00:40:09 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.01 00:40:09 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.01 00:40:09 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.01 00:40:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.01 00:40:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.01 00:40:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.01 00:40:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.01 00:40:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.01 00:40:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.01 00:40:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.01 00:40:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.01 00:40:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.01 00:40:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.01 00:40:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.01 00:40:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.01 00:40:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.01 00:40:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.01 00:40:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.01 00:38:35 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.05.01 00:38:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.05.01 00:38:35 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.05.01 00:38:35 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.05.01 00:38:35 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.05.01 00:38:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.05.01 00:38:35 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.05.01 00:38:35 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.05.01 00:38:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.05.01 00:38:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.01 00:38:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.05.01 00:38:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.05.01 00:38:35 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.05.01 00:38:35 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.05.01 00:38:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.05.01 00:38:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.05.01 00:38:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.01 00:38:35 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.01 00:38:35 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.01 00:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.01 00:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.30 23:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.29 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Computer
[2013.04.28 22:18:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.28 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.28 22:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.28 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.25 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.25 13:10:45 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.25 13:10:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.25 13:10:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.25 13:10:41 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.24 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2013.04.24 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2013.04.23 20:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.15 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.15 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.15 22:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.15 22:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.15 22:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.04.15 22:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.15 22:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013.04.15 22:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.15 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.04.15 22:01:31 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.04.15 22:01:31 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.04.15 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.15 11:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013.04.15 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Glarysoft
[2013.04.15 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2013.04.15 11:57:19 | 006,680,408 | ---- | C] (Glarysoft Ltd                                               ) -- C:\Users\Miriam\Desktop\Glary_Utilities_v2-54-0-1759.exe
[2013.04.15 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ProgrammeNEU
[2013.04.15 11:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.04.15 11:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.15 11:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.15 11:37:04 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.04.15 11:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.10 10:56:50 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 10:56:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 10:56:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 10:56:38 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 10:56:37 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 10:56:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.01 23:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001UA.job
[2013.05.01 23:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.01 23:10:41 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c486486b-124f-4c11-98ff-85e36e239ee5.job
[2013.05.01 23:10:39 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7c77ffda-f680-4055-82e1-bd3ebb4ec820.job
[2013.05.01 23:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.01 22:11:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.01 22:04:08 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 22:04:08 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 21:55:59 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.05.01 21:55:10 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.05.01 21:54:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.01 21:54:41 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.01 21:32:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.01 20:46:23 | 000,001,138 | ---- | M] () -- C:\Users\***\Desktop\ComboFix - Verknüpfung.lnk
[2013.05.01 00:40:09 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.01 00:40:09 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.01 00:40:09 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.01 00:40:09 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.01 00:40:09 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.01 00:40:09 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.01 00:40:09 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.01 00:40:09 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.01 00:40:09 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.01 00:40:09 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.01 00:40:09 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.01 00:40:09 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.01 00:40:09 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.01 00:40:09 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.01 00:40:09 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.01 00:40:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.01 00:40:09 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.01 00:40:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.01 00:40:09 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.01 00:40:09 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.01 00:40:09 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.01 00:40:09 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.01 00:40:09 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.01 00:40:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.01 00:40:09 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.01 00:40:09 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.01 00:40:09 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.01 00:40:09 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.01 00:40:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.01 00:40:09 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.01 00:40:09 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.01 00:40:09 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.01 00:40:09 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.01 00:40:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.01 00:40:09 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.01 00:40:09 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.01 00:40:09 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.01 00:38:35 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.05.01 00:38:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.05.01 00:38:35 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.05.01 00:38:35 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.05.01 00:38:35 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.05.01 00:38:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.05.01 00:38:35 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.05.01 00:38:35 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.05.01 00:38:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.05.01 00:38:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.01 00:38:35 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.05.01 00:38:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.05.01 00:38:35 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.05.01 00:38:35 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.05.01 00:38:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.05.01 00:38:35 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.05.01 00:38:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.01 00:38:35 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.01 00:38:35 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.01 00:38:35 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.01 00:38:35 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.01 00:38:35 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.30 22:42:12 | 377,625,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.29 15:19:06 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699669428-1510781343-25146314-1001Core.job
[2013.04.28 22:18:26 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.25 21:54:15 | 000,021,035 | ---- | M] () -- C:\Users\Miriam\Documents\FacebookFabian.odt
[2013.04.25 13:10:36 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.25 13:10:33 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.25 13:10:33 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.25 13:10:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.25 13:10:31 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.25 13:10:31 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.19 20:12:14 | 000,000,680 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013.04.16 13:03:16 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.16 13:03:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.16 08:10:01 | 000,298,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.15 22:01:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.04.15 22:01:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.04.15 11:58:00 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2013.04.15 11:58:00 | 000,000,141 | ---- | M] () -- C:\Users\***\Desktop\Glarysoft Giveaway.url
[2013.04.15 11:57:26 | 006,680,408 | ---- | M] (Glarysoft Ltd                                               ) -- C:\Users\***\Desktop\Glary_Utilities_v2-54-0-1759.exe
[2013.04.09 15:11:10 | 000,020,369 | ---- | M] () -- C:\Users\***\Documents\Lebenslauf **.odt
[2013.04.09 14:18:39 | 000,656,782 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.09 14:18:39 | 000,618,624 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.09 14:18:39 | 000,131,220 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.09 14:18:39 | 000,107,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.01 23:10:41 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c486486b-124f-4c11-98ff-85e36e239ee5.job
[2013.05.01 23:10:39 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7c77ffda-f680-4055-82e1-bd3ebb4ec820.job
[2013.05.01 21:10:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.01 21:10:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.01 21:10:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.01 21:10:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.01 21:10:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.01 20:46:23 | 000,001,138 | ---- | C] () -- C:\Users\***\Desktop\ComboFix - Verknüpfung.lnk
[2013.05.01 00:40:09 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 22:42:12 | 377,625,209 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.28 22:18:26 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.25 21:54:13 | 000,021,035 | ---- | C] () -- C:\Users\***\Documents\FacebookFabian.odt
[2013.04.15 22:04:13 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.15 11:58:03 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.15 11:58:00 | 000,001,020 | ---- | C] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2013.04.15 11:58:00 | 000,000,141 | ---- | C] () -- C:\Users\***\Desktop\Glarysoft Giveaway.url
[2013.04.15 11:52:10 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.04.15 11:37:12 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.09 15:11:08 | 000,020,369 | ---- | C] () -- C:\Users\***\Documents\Lebenslauf Lon.odt
[2013.03.28 01:05:44 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.28 01:05:43 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.03.25 18:37:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.25 18:37:20 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.02.14 21:46:43 | 000,226,628 | ---- | C] () -- C:\Windows\hpoins18.dat
[2013.02.14 21:46:43 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012.12.25 14:00:53 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2012.12.25 14:00:53 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2012.12.25 14:00:43 | 000,598,016 | R--- | C] () -- C:\Windows\System32\sptlib21.dll
[2012.12.25 14:00:43 | 000,307,200 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2012.12.25 14:00:43 | 000,294,912 | R--- | C] () -- C:\Windows\System32\sptlib11.dll
[2012.12.25 14:00:43 | 000,290,816 | R--- | C] () -- C:\Windows\System32\sptlib22.dll
[2012.12.25 14:00:43 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2012.12.25 14:00:43 | 000,225,280 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2012.12.25 14:00:43 | 000,135,168 | R--- | C] () -- C:\Windows\System32\sptlib12.dll
[2012.11.26 22:25:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.10.16 14:06:24 | 000,001,350 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.09.13 12:53:04 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012.09.02 19:51:20 | 000,019,569 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.09.02 17:23:35 | 000,002,090 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.07.30 23:31:22 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.07.30 22:56:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a042n12q.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.21 22:51:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\.minecraft
[2013.04.19 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ad-Aware Antivirus
[2012.09.20 20:42:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MyPhoneExplorer
[2012.08.10 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2013.03.28 19:12:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2013.04.16 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Ad-Aware Antivirus
[2012.09.14 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\F-Secure
[2012.07.31 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org
[2013.02.12 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\pdfforge
[2013.03.28 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TuneUp Software
[2013.04.15 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.08.31 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\becker
[2013.02.12 18:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.09.28 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2012.12.26 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataCast
[2012.11.27 23:02:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.09.07 10:00:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure
[2013.04.15 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Glarysoft
[2012.11.10 23:57:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2012.07.31 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.12.12 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2013.04.24 14:10:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2013.03.27 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.05.2013 23:17:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,32% Memory free
5,93 Gb Paging File | 4,19 Gb Available in Paging File | 70,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,56 Gb Total Space | 207,77 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B599C9D-1D30-45A4-A846-EAC0A10C6CE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3704C960-4723-49F7-AF93-D7EB4378B05C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DAB0FBD-F3BB-4BA5-AD12-CDCB46148FEC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{45DD84EE-9528-426D-B7CE-C92A48C2F044}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50140659-3234-4545-9060-B70DFEA198A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53E8D552-7D14-466D-8FD8-1121FE7929A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{554AC6E5-2415-4009-979C-31A544DAC8B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6ECF7D73-2054-4F3A-8268-308C4ABE3369}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75CBF18E-0BDD-436E-8BE3-E005983EA511}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{824C7C4C-C6EB-4DFB-BB7E-C6981869652E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{88A51224-99FF-403C-AAB5-84F56AAC5878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99D19777-E268-487A-9E34-1B998DFA4FEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4CF9981-52ED-4632-BEE5-C9FA9408ED3C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7DD3AA5-3B1E-4EA4-BF27-5AD7EE44B521}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{AEB03589-B406-44E8-ACE1-1A7CC4703104}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B03E5D86-C361-49C8-82FF-1C417DB9C799}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B10B9176-E2EA-4E9C-9C5E-3CAAB6DDA9CA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B65C13C1-CD8C-4473-BA9C-EC9C3DA9BC9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C7624BDB-356B-45EE-9C4A-C3234D32F5FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CEBD00FE-90BE-4F1F-A228-E41E41515355}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5A1FB4D-44A1-498F-982D-4440195E93E6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6882D8B-8A5E-4EF6-8249-60E0954CC11D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DC3DE068-6A9F-4FCA-B9F1-1B3421B29A88}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8ACC6FE-C8E1-4886-9E97-DFF328CF6F09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A60951-0153-4E95-9C0B-AD7DE27B9CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C227153-EF2A-48CB-999C-184DF63B1609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D7449CE-5C73-437C-89A7-27E455702A38}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12.exe | 
"{11B400C5-B8A5-4D98-9DBC-8551859056F3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{123AB7C5-F0A9-4D97-889F-B1E1BE6630EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{15BD1362-375F-49B1-A3BA-2067BE42387F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{178A59DC-B003-4E22-BD77-8AA84761E42A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18DE730A-299F-429F-BBB3-89B8138C2EEC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{1B683190-7903-4487-8CDC-71A227994FFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{229DCFD7-5143-42C3-8F7E-5BAA8AEC5D41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2467F451-F474-41E2-A584-78A2BFBDEEF9}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{2E1788B2-8448-497C-9ACA-AECE8EF1294B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E5050B0-DE09-4566-B78A-4A0E0E27EC1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43D7C0AF-CC9A-4B65-B602-F2F7805429ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{454482C7-5D86-42BF-95F9-BCE8B09AAEC2}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{4F74CF38-EFC8-4502-B5E6-2B998542E52B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{685C308C-6386-4813-B5CB-ADD241155BDD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{6BF44B4C-A095-40D4-BE27-D426A8C499A7}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{78AE4D06-86F7-4CA5-B39C-8733ACFCF27A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79E2E2B9-F037-4E5B-970D-F6FF368658E1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7C1CB1F6-8462-4754-BDCC-0CEF084F964F}" = dir=in | app=c:\program files\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"{7DEFEFA4-63A2-4885-A1BF-C72BD934AC04}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{8E08F500-28D0-417F-A31C-FEC620BC6EFB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{909843D5-992E-45B0-81FB-30A424B98C33}" = protocol=6 | dir=out | app=system | 
"{945955D4-07A8-4616-810D-0E4CD568B2BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9549CE2E-B504-49EA-80B2-6EA5DD43D082}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{A4FAC013-DD56-440D-9460-8A818EDFF001}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{AD894FFC-6812-4B9F-BFE1-613E8C35FE5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B382C7C9-A494-4230-9E69-3B7D8EDC61E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF83B2A5-8DCD-4E54-AD49-953FA380120F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{D18BF811-EF2B-4B8C-BBB0-2FE62332EDFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2F68CF8-040A-4A9C-9D54-1D24F380F31F}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{DA9F6318-9A34-464E-A985-C97A41DEFFB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F17F9E50-F6F9-40BF-AF6C-7D3D5BFB38E5}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F6544D9A-FE7B-4225-A580-7E800BA7AFDD}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{F6EC23A6-56F7-4CE9-AEC2-E8FEAB126474}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF0154EE-160C-4217-9AEB-CDBFBC80CC32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{58D649D8-0405-4704-8C14-CEA3ACF98FFB}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{5A6A9961-5663-4008-B814-92BB45A55169}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D241903A-6C03-4699-9EE6-38A3F2C39BB6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{F3993CAC-F3F7-4206-B612-28985439DB98}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{1AD9E4DB-2B3A-4FF9-B063-938E49131E06}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{425B7C71-4CAF-4A65-9AF4-853F27CAE62C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{95CE94C7-FF7D-4C92-A488-12D892A9E724}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{DC8E9920-71C6-43BE-B902-3EBE14C2B120}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AudibleDownloadManager" = Audible Download Manager
"avast" = avast! Free Antivirus
"AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0
"AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.0.25
"Brick-Force" = Brick-Force 
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Content Manager 2" = Content Manager 2
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"GIMP-2_is1" = GIMP 2.8.2
"Glary Utilities_is1" = Glary Utilities 2.54.0.1759
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"MAGIX mp3 maker SE" = MAGIX mp3 maker SE
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.4
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-699669428-1510781343-25146314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 15.04.2013 06:36:01 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
 
< End of report >
         
--- --- ---

[/CODE]

Alt 01.05.2013, 23:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.05.2013, 18:18   #13
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



Hallo,

irgendwie habe ich das Gefühl das nimmt kein Ende. Es wird ja immer wieder etwas gefunden

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.02.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
*** :: ***-PC [Administrator]

Schutz: Aktiviert

02.05.2013 09:49:38
mbam-log-2013-05-02 (09-49-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276598
Laufzeit: 8 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4012c856e1572e4facfb46d1a5a8390b
# engine=13737
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-02 05:01:41
# local_time=2013-05-02 07:01:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 93 3088469 144223973 0 0
# compatibility_mode=5893 16776574 100 94 20906636 119145292 0 0
# scanned=956647
# found=4
# cleaned=0
# scan_time=31127
sh=68383D5612BC1F46A5B49ED38FB52C86DD8D51F5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\3onebcgf.default\Cache\4\C9\CF637d01"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABC application" ac=I fn="C:\Users\**\Downloads\SopCast-3.5.0.exe"
sh=DCA031CCCD3513AF593688567E9A3F756E5077A9 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.DI trojan" ac=I fn="C:\Windows.old\Documents and Settings\**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6e7cc78c-3d0fc28e"
sh=DCA031CCCD3513AF593688567E9A3F756E5077A9 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.DI trojan" ac=I fn="C:\Windows.old\Users\**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6e7cc78c-3d0fc28e"
         

Alt 03.05.2013, 22:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector entfernen - Standard

bprotector entfernen



Das sind doch nur Reste in Cache in Temp. Bitte TFC ausführen:

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.05.2013, 20:10   #15
Mimi2000
 
bprotector entfernen - Standard

bprotector entfernen



OK das habe ich jetzt gemacht. Ein Neustart wurde nicht verlangt.
Kann ich jetzt davon ausgehen das alles ok ist?
Lag das nun an diesem bProtector oder hatte es mehrere Ursachen?
Was ist als Software zum Schutz am sinnvollsten? Sollte man in Abständen mit speziellen Programmen zusätzlich das System scannen?

Vielen Dank für die Mühe

Oh man jetzt ging gerade wieder ein Fenster von AVAST auf, dass ein Trojaner blockiert wurde...

05.05.2013 22:13:06 hxxp://www.dsl-user.de/forum/misc.php?v=387&g=js [L] HTML:RedirDL-inf [Trj] (0)

Wenn das blockiert wurde, ist das damit abgetan oder sollte man auch hier noch weitere Schritte einleiten?

Antwort

Themen zu bprotector entfernen
adwcleaner, bprotector, empfohlen, entferne, entfernen, ergebnis, gestern, google, googlen, immer wieder, installier, installiere, installieren, installiert, poste, programm, quarantäne, schön, superantispyware, verschoben, virenprogramm



Ähnliche Themen: bprotector entfernen


  1. ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen
    Log-Analyse und Auswertung - 26.09.2014 (11)
  2. TR/BProtector.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (12)
  3. TR/BProtector.Gen2 Trojaner entfernen
    Log-Analyse und Auswertung - 19.04.2014 (5)
  4. BProtector Gen Virus lässt sich von Avira nicht entfernen
    Log-Analyse und Auswertung - 09.04.2014 (11)
  5. TR/BProtector.Gen
    Log-Analyse und Auswertung - 03.04.2014 (9)
  6. TR/BProtector.gen
    Plagegeister aller Art und deren Bekämpfung - 02.04.2014 (9)
  7. TR/BProtector.Gen in C:\ProgramData\Bitguard\... entfernen, bräuchte leicht verständliche Hilfe ohne Fachjargon
    Plagegeister aller Art und deren Bekämpfung - 30.03.2014 (4)
  8. TR/BProtector.Gen
    Log-Analyse und Auswertung - 30.03.2014 (3)
  9. TR/BProtector.Gen in C:\ProgrammData
    Log-Analyse und Auswertung - 29.03.2014 (7)
  10. Win7 x64 | Bitguard-Trojaner? - BProtector.F , BProtector.E , BHO.Bprotector.1.4
    Log-Analyse und Auswertung - 15.12.2013 (11)
  11. Systemabsturz nach Entfernen des Programms "ADWARE/BProtector.E" mit Avira
    Log-Analyse und Auswertung - 04.12.2013 (15)
  12. Systemabsturz nach Entfernen des Programms "ADWARE/BProtector.E" mit Avira
    Log-Analyse und Auswertung - 04.12.2013 (6)
  13. "Gen:Variant.Adware.BHO.Bprotector.1 (B)" entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.10.2013 (9)
  14. Ransomware (bprotector) entfernen, aber wie?
    Log-Analyse und Auswertung - 14.08.2013 (17)
  15. bProtector entdeckt
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (1)
  16. bprotector for Windows gefunden...Wie richtig entfernen?
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (23)
  17. bprotector und andere Malware - wie vollständig entfernen?
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (5)

Zum Thema bprotector entfernen - Hallo liebes Team, wäre schön, wenn mir jemand helfen könnte. Falls ich etwas nicht genau genug beschreibe, vergebt mir, ich bin ein Neuling. Mein Virenprogramm ist Avast. Gestern habe ich - bprotector entfernen...
Archiv
Du betrachtest: bprotector entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.