Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.05.2013, 10:21   #1
babykingdom
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Hatte in den letzten Tagen ein paar Meldungen von Avira. Habe zwar den Zugriff verweigern können, aber mit Avira werde ich die Dinger ja nicht los. Brauche Hilfe!!
Habe Windows 7 64 Bit Home Premium.

Hier der Log von Avira:

Exportierte Ereignisse:

14.05.2013 11:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmpbe4e7578\33.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bemi' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 11:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmpaaa29b69\14.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.57344.217' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 11:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmp8ffec80c\14.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.57344.217' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 11:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmped052c7a\13.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.I.9' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 11:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmp68a6ccd5\89.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bejm' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 11:03 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmp21b3db55.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.225280.436' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

14.05.2013 10:23 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bemi'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e350d4.qua'
verschoben!

14.05.2013 10:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bemi' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

13.05.2013 19:32 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bejm' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

13.05.2013 19:32 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bejm' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

10.05.2013 23:00 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Local\Temp\tmp2acffc4e\fer.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.225280.436' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

10.05.2013 19:51 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.I.9' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei existiert nicht!

09.05.2013 13:19 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.57344.217'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59611862.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\SOFTWARE\Microsoft\Wi
ndows\CurrentVersion\Run\IExplorer Util> konnte nicht repariert werden.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

09.05.2013 13:18 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Anna\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.57344.217' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

Geändert von babykingdom (14.05.2013 um 10:35 Uhr)

Alt 14.05.2013, 10:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 14.05.2013, 11:17   #3
babykingdom
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Hallo und vielen Dank für die Antwort!!
Hier die OTL Logs:

Code:
ATTFilter
OTL logfile created on: 14.05.2013 11:53:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 52,22% Memory free
7,73 Gb Paging File | 5,53 Gb Available in Paging File | 71,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 298,73 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
 
Computer Name: BABYKINGDOM | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Adobe Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Adobe Version Cue CS2) -- c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://intern.anzeigendaten.de/index.cfm
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE391DE392
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.last.fm/user/dozingSTARZ"
FF - prefs.js..extensions.enabledAddons: rikaichan-jpde%40polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledAddons: rikaichan-jpnames%40polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.05
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.00.100530
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.101002
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.13 19:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:42:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:42:04 | 000,000,000 | ---D | M]
 
[2010.08.04 15:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2013.01.12 23:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\35i7m5h8.default\extensions
[2012.08.02 15:38:26 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\35i7m5h8.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.03.30 20:33:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\35i7m5h8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.30 10:24:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\35i7m5h8.default\extensions\rikaichan-jpde@polarcloud.com
[2011.05.31 09:20:13 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\35i7m5h8.default\extensions\rikaichan-jpnames@polarcloud.com
[2012.02.29 08:43:10 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\35i7m5h8.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.07.25 09:45:42 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\35i7m5h8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 10:19:35 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\35i7m5h8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.05.14 07:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 21:42:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.11 21:42:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 23:45:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 23:45:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 23:45:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 23:45:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 23:45:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 23:45:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.last.fm/user/babykingdom/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anna\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Iron Man 3 = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkgohjhkmajdealpbnfimnchjepjmii\1.2_0\
CHR - Extension: rikaikun = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Google Mail = C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.05.15 20:05:15 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4065927231-1262645147-2254374329-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACC78DF-0CA1-43F8-998C-07DBB6F52F4A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.14 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2013.05.14 10:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 10:26:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.14 10:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.14 10:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.14 10:24:39 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.14 10:22:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013.05.13 19:45:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.13 19:42:07 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.07 15:45:24 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.06 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.06 20:14:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.06 20:14:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.06 20:14:47 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.06 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Viufac
[2013.05.06 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Ukiz
[2013.05.06 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Oxvir
[2011.06.24 18:00:24 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 11:45:33 | 000,001,316 | ---- | M] () -- C:\Users\Anna\Desktop\Ereignisse.zip
[2013.05.14 11:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001UA.job
[2013.05.14 11:39:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 11:39:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 11:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 11:08:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.14 11:07:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 11:07:48 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 11:06:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.14 10:26:34 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 10:25:00 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Anna\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.14 10:24:58 | 000,628,743 | ---- | M] () -- C:\Users\Anna\Desktop\adwcleaner.exe
[2013.05.14 10:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2013.05.13 20:29:53 | 000,464,518 | ---- | M] () -- C:\Users\Anna\Desktop\öoihoi.PNG
[2013.05.13 19:42:05 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001Core.job
[2013.05.13 19:39:24 | 000,000,551 | ---- | M] () -- C:\Windows\wininit.ini
[2013.05.09 19:44:58 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 19:44:58 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 19:44:58 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 19:44:58 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 19:44:58 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 15:45:12 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.16 08:41:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.16 08:41:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.05.14 11:45:33 | 000,001,316 | ---- | C] () -- C:\Users\Anna\Desktop\Ereignisse.zip
[2013.05.14 10:26:34 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 10:24:49 | 000,628,743 | ---- | C] () -- C:\Users\Anna\Desktop\adwcleaner.exe
[2013.05.13 20:29:53 | 000,464,518 | ---- | C] () -- C:\Users\Anna\Desktop\öoihoi.PNG
[2013.04.04 19:16:23 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.04.04 19:16:23 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.01.17 23:31:36 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.02 11:05:56 | 000,000,310 | ---- | C] () -- C:\Windows\ulead32.ini
[2010.08.05 15:18:59 | 000,000,086 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\wklnhst.dat
[2009.11.06 02:41:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2005.03.21 14:41:02 | 000,012,793 | ---- | C] () -- C:\Program Files (x86)\How To Install.html
[2005.02.25 15:37:00 | 000,157,035 | ---- | C] () -- C:\Program Files (x86)\LegalNotices.pdf
[2005.02.23 12:24:12 | 000,002,773 | ---- | C] () -- C:\Program Files (x86)\Read Me First.html
[2005.02.22 14:32:14 | 002,723,276 | ---- | C] () -- C:\Program Files (x86)\Photoshop New Features.pdf
[2005.02.22 14:31:44 | 000,142,049 | ---- | C] () -- C:\Program Files (x86)\Photoshop At A Glance.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.05 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Amazon
[2012.08.04 11:59:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ
[2013.01.10 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Jane
[2013.01.17 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Opera
[2013.05.13 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxvir
[2013.01.08 12:42:56 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PhotoFiltre 7
[2010.12.11 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst
[2011.10.18 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Samsung
[2012.04.17 13:32:37 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Temp
[2011.11.13 17:34:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template
[2013.05.06 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Ukiz
[2013.05.14 11:07:47 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Viufac
[2011.04.03 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:CFF6B3FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 14.05.2013 11:53:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 52,22% Memory free
7,73 Gb Paging File | 5,53 Gb Available in Paging File | 71,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 298,73 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
 
Computer Name: BABYKINGDOM | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5D28D3-B244-46DB-B0FE-BB6A1465B0FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20B4FD98-4598-49A3-ADD3-D3C92F8B07BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20B64667-F619-4A9F-B899-3960345660A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{254D2956-5BB2-46B9-B967-4532A97F47BE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{272BFD94-2463-4486-8F1B-352BBA20B420}" = rport=138 | protocol=17 | dir=out | app=system | 
"{341298E9-7315-4B31-BDEB-01F0E0E222E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{459E7E07-60DF-47E9-A461-363976D77DBF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{47DCF992-1534-4D97-A941-EFCCCAB02BAB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{546A45DF-8874-4DC8-869E-32C38F78B4C9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5624BB04-7DBA-42F0-87F5-4C5932E47D69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61A9891C-099B-4C49-8FA3-26F3AC0B8187}" = rport=139 | protocol=6 | dir=out | app=system | 
"{733777F4-D518-4CE9-809D-DA59BCC79FFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7ED69920-C52E-4E12-AA9E-67B3A4A31710}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{808B5376-2751-4487-945A-72B5EFEA68BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CA6A2BA-77B7-463B-A144-041200D0FD97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99575E56-15F5-4C9E-ACDD-A15E7ED837F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A4C35D7F-07FB-4BD5-86AF-2F60F333C24E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AA562F9A-FC7F-49E6-A5EC-11E1A526C22D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BEEFB65D-2CB4-47E4-8F6A-03EEA1AB7B97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C09EAF23-4E22-4CDE-B221-6407F4531B94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1C2710A-AF68-4F6B-8E69-1017CC3AE5C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D3833B73-85CF-4FF1-A371-F48A50A68C12}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC66DBB3-2406-4641-ACC5-2F9017DF8CAA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E55EF15A-8766-4ED6-88DD-10D1876B8E34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E6A99A5C-295D-4054-A0AB-64E450AA7211}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE85656F-4052-4C4E-BF10-89FD0778AEF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF8FF808-7F60-434C-AFF9-453EF823E318}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0612B75D-7BB0-4952-A763-DA7E1CF9F580}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{12DAC12C-0D88-4707-A711-56AEBC0DBF53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1D99558F-52E5-416E-A415-8480239B975C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2D118B7E-06EE-4825-902D-F06F787364E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EBDD679-026B-41AF-BD92-988B9EA910C6}" = protocol=17 | dir=in | app=c:\users\anna\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{31C28607-F051-4604-8EC1-EFFCC3A38360}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3338FD78-F226-4727-A3A0-B5753BACC6FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{426CA5B2-8E2B-48C6-B331-011E1BFD730F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4398B24B-406E-4C4F-A1F8-AA29F7ED790A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46BBF012-ECE5-41B0-A84C-C17412C359D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{515E507B-FD2B-4658-B74C-A7D651C0B1BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5F3D96FE-EE37-4D54-AF08-7AB578FE7C71}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{60608BF2-4D8C-42DF-AB4B-5A27FC80B58F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{60AACC76-E175-4029-A222-F6FD1227C1E1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{62E77920-6BE7-4AF2-B75B-66123DDBAD03}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63767207-73CC-454A-9CAC-0F51B16F3703}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6666EE53-F301-4483-9106-D6F17E12770B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{67FF83BC-886F-4A45-B2C7-4C694509FD4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74AD758B-0D67-4656-A6BC-1B3B6AF9AE6A}" = protocol=17 | dir=in | app=d:\alicecd.exe | 
"{7C62BE8E-78AA-4421-B946-FF14372F02C1}" = protocol=17 | dir=in | app=c:\adobe creative suite cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{7E5DC14F-F275-45CB-837A-42250699DE5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{804D248F-A379-4E20-B2CE-99F529928844}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81B6BD2E-6B82-4126-9E9E-1701053FD703}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{869F194D-3D5E-4156-B94D-173670232BFD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8DC6CD5C-A675-42D0-9AFE-F1A5BE47DD3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90297FBD-BB8E-4377-96A2-5999BE0B0A63}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A0A45AC2-EDFC-4FE9-AAF3-1B5FD69284CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2B5AE71-7C82-46FE-AC17-38B0F0609047}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A2FCEAA2-ACCD-4C0B-B664-FD98511CC472}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A40AACB0-6594-455D-9164-6ED41E3F5A05}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{AC18D0F4-6B2E-4AD0-80D5-B3A3B3118770}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AEA717DF-246C-4B5F-A230-AF658B94AAC8}" = protocol=6 | dir=out | app=system | 
"{B14B82A5-4B03-47E9-B4CD-41CF253C92AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B169F810-A393-4860-A0AA-6CA9EB79D282}" = protocol=6 | dir=in | app=c:\adobe creative suite cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{C169B343-D306-467B-9835-B39D827275EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C203FBC4-DEEF-435E-B36A-984356EEAA86}" = dir=in | app=c:\program files (x86)\janetter2\bin\janettersrv.exe | 
"{C3B0FDA3-7F37-40BF-9670-AF3CC90EE43A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C434E936-F052-4787-ACFB-5A8FBEF60F15}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C871182A-B5E3-417B-95A2-B828EBA5BA3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CBA7CB6A-6E55-46B0-8B66-85EC0A1EA85F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CDA51BFD-5B98-4770-AE0E-AAB6DB528E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5529249-A79E-4DA5-84CC-3303E54E1133}" = protocol=6 | dir=in | app=d:\alicecd.exe | 
"{D655D22C-8C13-4503-A28A-5C759E2DA1B9}" = protocol=6 | dir=in | app=c:\users\anna\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{E7E7A6F7-9E9E-417D-84EB-B368FBFCF1FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FA44F625-0E95-45B2-9277-57D3C5F1899E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{1E8DAD54-C9C3-4FC2-A066-1E880C17DFD7}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{8BC22C93-45CD-4DCB-B9C2-CD6DB54AD8C2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{9ABFCEAD-42B1-4454-B336-CDABFF04846D}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{227D1734-8096-42F0-B40A-FE5844F8B5F3}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{C330E4F0-35D9-4789-83FF-0203B9F78FBA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{CB46B765-493D-46A3-A4F8-ACCD6EC9A563}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7bbe3a92-81e9-4182-a9e0-557a276ded64}" = Nero 9 Essentials
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Cooking Dash 3 - Thrills and Spills" = Cooking Dash 3: Thrills and Spills
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"FeedDemon_is1" = FeedDemon
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hotpot_is1" = HotPotatoes v 6.3.0.4
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"Janetter2_is1" = Janetter 4.1.1.0
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Metaboli" = Metaboli
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Welcome Center" = Welcome Center
"PackardBell Screensaver" = PackardBell ScreenSaver
"PDF Blender" = PDF Blender
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2013 02:19:32 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   19 3.1.168.192.in-addr.arpa.
 PTR babykingdom.local.
 
Error - 13.05.2013 03:10:34 | Computer Name = babykingdom | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.05.2013 13:31:31 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   21 3.1.168.192.in-addr.arpa.
 PTR babykingdom-2.local.
 
Error - 13.05.2013 13:31:31 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   19 3.1.168.192.in-addr.arpa.
 PTR babykingdom.local.
 
Error - 14.05.2013 01:07:48 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   21 3.1.168.192.in-addr.arpa.
 PTR babykingdom-2.local.
 
Error - 14.05.2013 01:07:48 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   19 3.1.168.192.in-addr.arpa.
 PTR babykingdom.local.
 
Error - 14.05.2013 04:16:45 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   21 3.1.168.192.in-addr.arpa.
 PTR babykingdom-2.local.
 
Error - 14.05.2013 04:16:45 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   19 3.1.168.192.in-addr.arpa.
 PTR babykingdom.local.
 
Error - 14.05.2013 05:08:32 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   21 3.1.168.192.in-addr.arpa.
 PTR babykingdom-2.local.
 
Error - 14.05.2013 05:08:32 | Computer Name = babykingdom | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   19 3.1.168.192.in-addr.arpa.
 PTR babykingdom.local.
 
[ System Events ]
Error - 06.05.2013 14:08:05 | Computer Name = babykingdom | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 08.05.2013 13:13:49 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 13.05.2013 02:19:28 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%14
 
Error - 13.05.2013 13:33:25 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 13.05.2013 13:33:25 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 13.05.2013 13:34:28 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 14.05.2013 04:17:38 | Computer Name = babykingdom | Source = DCOM | ID = 10010
Description = 
 
Error - 14.05.2013 05:10:09 | Computer Name = babykingdom | Source = DCOM | ID = 10005
Description = 
 
Error - 14.05.2013 05:10:09 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 iPod-Dienst erreicht.
 
Error - 14.05.2013 05:10:09 | Computer Name = babykingdom | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
 
< End of report >
         
__________________

Alt 14.05.2013, 13:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Bitte ein Log mit cf machen

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.05.2013, 14:15   #5
babykingdom
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



CF-Log:

Code:
ATTFilter
ComboFix 13-05-14.01 - Anna 14.05.2013  14:56:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2199 [GMT 2:00]
ausgeführt von:: c:\users\Anna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
c:\users\Anna\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Anna\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\Temp\log.txt
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-14 bis 2013-05-14  ))))))))))))))))))))))))))))))
.
.
2013-05-14 13:07 . 2013-05-14 13:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-14 13:01 . 2013-05-14 13:01	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75405DE4-35CA-480F-87CA-50EF449ECD49}\offreg.dll
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\users\Anna\AppData\Roaming\Malwarebytes
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-14 08:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-10 17:41 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75405DE4-35CA-480F-87CA-50EF449ECD49}\mpengine.dll
2013-05-07 13:45 . 2013-05-07 13:45	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-06 18:14 . 2013-05-06 18:14	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-06 18:14 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 18:00 . 2013-05-14 09:07	--------	d-----w-	c:\users\Anna\AppData\Roaming\Viufac
2013-05-06 18:00 . 2013-05-13 20:33	--------	d-----w-	c:\users\Anna\AppData\Roaming\Oxvir
2013-05-06 18:00 . 2013-05-06 18:00	--------	d-----w-	c:\users\Anna\AppData\Roaming\Ukiz
2013-04-28 18:21 . 2013-04-28 18:21	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-24 17:27 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 05:08 . 2011-08-05 05:45	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-08-04 13:03	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-16 06:41 . 2012-04-01 07:15	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-16 06:41 . 2011-05-18 06:41	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 20:51 . 2010-08-07 08:18	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 03:36 . 2012-09-07 17:37	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-04-04 03:35 . 2010-10-07 10:08	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-02 08:18 . 2013-04-02 08:18	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-02 08:18 . 2013-04-02 08:18	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-02 08:18 . 2013-04-02 08:18	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-20 08:07 . 2013-04-04 17:16	233472	----a-w-	c:\windows\SysWow64\FsUsbExService.Exe
2013-03-20 08:07 . 2013-04-04 17:16	37344	----a-w-	c:\windows\SysWow64\FsUsbExDisk.Sys
2013-03-20 08:02 . 2011-09-16 09:54	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-03-20 08:02 . 2011-09-16 09:54	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-03-19 06:04 . 2013-04-10 17:10	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 17:10	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 17:10	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 17:10	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 17:10	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 17:10	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 17:10	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-22 07:17 . 2013-04-04 17:17	203544	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-02-22 07:17 . 2013-04-04 17:17	102936	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-02-22 06:57 . 2013-04-10 20:49	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 20:49	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 20:50	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 20:50	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 20:50	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 20:50	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 20:50	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 20:50	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 20:50	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 20:50	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 20:50	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 20:50	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 20:49	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 20:50	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 20:50	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 20:50	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 20:50	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 20:50	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 20:50	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 20:50	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 20:50	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 20:50	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 17:10	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 17:10	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 17:10	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 17:10	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 17:10	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 17:10	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2003-03-21 11:45 . 2011-06-24 16:00	250544	----a-w-	c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-03-28 1106288]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-09-24 262912]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-11-09 1519743]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe Version Cue CS2"="c:\adobe creative suite cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-03-20 37344]
R3 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-22 203544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 28600]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-02 86752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:41]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 12:57]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 12:57]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:57]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://intern.anzeigendaten.de/index.cfm
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\35i7m5h8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.last.fm/user/dozingSTARZ
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-14  15:11:34
ComboFix-quarantined-files.txt  2013-05-14 13:11
.
Vor Suchlauf: 17 Verzeichnis(se), 320.784.539.648 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 321.811.296.256 Bytes frei
.
- - End Of File - - DA691567D3B5A185A532BCE385004972
         


Alt 14.05.2013, 15:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\Anna\AppData\Roaming\Viufac
    c:\users\Anna\AppData\Roaming\Oxvir
    c:\users\Anna\AppData\Roaming\Ukiz
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
--> Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.

Alt 14.05.2013, 16:04   #7
babykingdom
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Suspect und Collect wurde nicht verlangt.

Code:
ATTFilter
ComboFix 13-05-14.01 - Anna 14.05.2013  16:48:50.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.1733 [GMT 2:00]
ausgeführt von:: c:\users\Anna\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anna\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anna\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Anna\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-14 bis 2013-05-14  ))))))))))))))))))))))))))))))
.
.
2013-05-14 14:59 . 2013-05-14 14:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-14 13:01 . 2013-05-14 13:01	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75405DE4-35CA-480F-87CA-50EF449ECD49}\offreg.dll
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\users\Anna\AppData\Roaming\Malwarebytes
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-14 08:26 . 2013-05-14 08:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-14 08:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-10 17:41 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75405DE4-35CA-480F-87CA-50EF449ECD49}\mpengine.dll
2013-05-07 13:45 . 2013-05-07 13:45	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-06 18:14 . 2013-05-06 18:14	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-06 18:14 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-06 18:00 . 2013-05-14 09:07	--------	d-----w-	c:\users\Anna\AppData\Roaming\Viufac
2013-05-06 18:00 . 2013-05-13 20:33	--------	d-----w-	c:\users\Anna\AppData\Roaming\Oxvir
2013-05-06 18:00 . 2013-05-06 18:00	--------	d-----w-	c:\users\Anna\AppData\Roaming\Ukiz
2013-04-28 18:21 . 2013-04-28 18:21	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-24 17:27 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 05:08 . 2011-08-05 05:45	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-08-04 13:03	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-16 06:41 . 2012-04-01 07:15	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-16 06:41 . 2011-05-18 06:41	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 20:51 . 2010-08-07 08:18	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 03:36 . 2012-09-07 17:37	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-04-04 03:35 . 2010-10-07 10:08	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-02 08:18 . 2013-04-02 08:18	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-02 08:18 . 2013-04-02 08:18	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-02 08:18 . 2013-04-02 08:18	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-20 08:07 . 2013-04-04 17:16	233472	----a-w-	c:\windows\SysWow64\FsUsbExService.Exe
2013-03-20 08:07 . 2013-04-04 17:16	37344	----a-w-	c:\windows\SysWow64\FsUsbExDisk.Sys
2013-03-20 08:02 . 2011-09-16 09:54	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-03-20 08:02 . 2011-09-16 09:54	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-03-19 06:04 . 2013-04-10 17:10	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 17:10	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 17:10	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 17:10	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 17:10	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 17:10	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 17:10	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-22 07:17 . 2013-04-04 17:17	203544	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-02-22 07:17 . 2013-04-04 17:17	102936	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-02-22 06:57 . 2013-04-10 20:49	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 20:49	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 20:50	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 20:50	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 20:50	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 20:50	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 20:50	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 20:50	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 20:50	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 20:50	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 20:50	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 20:50	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 20:49	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 20:50	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 20:50	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 20:50	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 20:50	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 20:50	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 20:50	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 20:50	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 20:50	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 20:50	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 17:10	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 17:10	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 17:10	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 17:10	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 17:10	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 17:10	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2003-03-21 11:45 . 2011-06-24 16:00	250544	----a-w-	c:\program files (x86)\Common Files\keyhelp.ocx
2006-05-03 09:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-03-28 1106288]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-09-24 262912]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-11-09 1519743]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe Version Cue CS2"="c:\adobe creative suite cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-03-20 37344]
R3 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-22 203544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 28600]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-02 86752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:41]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 12:57]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 12:57]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:57]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065927231-1262645147-2254374329-1001UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 12:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://intern.anzeigendaten.de/index.cfm
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360810h1b6l04h0z155f44l1y674
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\35i7m5h8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.last.fm/user/dozingSTARZ
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4065927231-1262645147-2254374329-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-14  17:02:30
ComboFix-quarantined-files.txt  2013-05-14 15:02
ComboFix2.txt  2013-05-14 13:11
.
Vor Suchlauf: 22 Verzeichnis(se), 321.631.907.840 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 321.574.674.432 Bytes frei
.
- - End Of File - - D67F2F253889FD064876037D33BE5DFF
         

Alt 14.05.2013, 16:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



iwie hat cf nicht das gemacht was ich wollte, aber egal

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.05.2013, 16:53   #9
babykingdom
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



Mbar hat komischerweise nichts gefunden... Sollte ein gutes Zeichen sein, oder?

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-14 17:25:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Anna\AppData\Local\Temp\uxlyypob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                fffff800031ac000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                fffff800031ac02f 23 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!free                                 0000000075c29894 5 bytes JMP 000000010a90d2d0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!malloc                               0000000075c29cee 5 bytes JMP 000000010a90d230
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z                         0000000075c2b0b9 5 bytes JMP 000000010a90d2d0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z                         0000000075c2b0c9 5 bytes JMP 000000010a90d480
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!realloc                              0000000075c2b10d 5 bytes JMP 000000010a90d2b0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!calloc                               0000000075c2c456 5 bytes JMP 000000010a90d270
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_msize                               0000000075c2f43b 5 bytes JMP 000000010a90d2e0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_aligned_free                        0000000075c45942 5 bytes JMP 000000010a90d2d0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc                      0000000075c5028d 5 bytes JMP 000000010a90d3c0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc               0000000075c502a9 5 bytes JMP 000000010a90d3e0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z   0000000075c7bfd1 5 bytes JMP 000000010a90d500
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc              0000000075c7bfe1 5 bytes JMP 000000010a90d420
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc                     0000000075c7c16b 5 bytes JMP 000000010a90d400
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_expand                              0000000075c7c18a 5 bytes JMP 000000010a90d3a0
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapadd                             0000000075c7dd03 5 bytes JMP 000000010a90d550
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapchk                             0000000075c7dd17 5 bytes JMP 000000010a90d560
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapset + 1                         0000000075c7de16 4 bytes {JMP 0xffffffff94c8f76b}
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapmin                             0000000075c7de1f 5 bytes JMP 000000010a90d650
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapused                            0000000075c7df05 5 bytes JMP 000000010a90d620
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\msvcrt.dll!_heapwalk                            0000000075c7df18 5 bytes JMP 000000010a90d590
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000074e11465 2 bytes [E1, 74]
.text     c:\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000074e11465 2 bytes [E1, 74]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000074e114bb 2 bytes [E1, 74]
.text     ...                                                                                                                                               * 2

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna :: BABYKINGDOM [administrator]

14.05.2013 17:51:52
mbar-log-2013-05-14 (17-51-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30745
Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 15.05.2013, 09:19   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Standard

Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.
appdata, brauche, dinger, fehler, hilfe!, iexplorer, malware, meldungen, microsoft, namen, neustart, nicht gefunden, programm, quelldatei, roaming, software, tr/agent.225280.436, tr/bublik.i.9, tr/psw.zbot., tr/psw.zbot.57344.217, tr/ransom.blocker.bejm, tr/ransom.blocker.bemi, trojan, trojaner, unerwünschtes programm, version, virus, windows 7 64 bit home, zugriff




Ähnliche Themen: Trojaner eingefangen TR/Ransom.Blocker.bejm & Co.


  1. Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-
    Plagegeister aller Art und deren Bekämpfung - 12.04.2014 (23)
  2. Wöchentlicher AntiVir-Lauf findet TR/Ransom.Blocker.cafz
    Log-Analyse und Auswertung - 19.08.2013 (4)
  3. TR/Ransom.Blocker.cafz
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (3)
  4. TR/Ransom.Blocker mein OTL-Log
    Log-Analyse und Auswertung - 29.07.2013 (15)
  5. TR/Spy.ZBot.mltm / TR/Bublik.I.16 / TR/Ransom.Blocker.blak / TR/Agent.57344.206 / TR/Bublik.I.14
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (11)
  6. TR/Ransom.Blocker EXP/Java.HLP.FW TR/Drop.Dapato.cdtt PC infiziert
    Log-Analyse und Auswertung - 29.06.2013 (34)
  7. PC gespeert - Ransom Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (19)
  8. Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (23)
  9. Diverse hartnäckige Trojaner TR/Ransom.Blocker
    Log-Analyse und Auswertung - 09.06.2013 (17)
  10. XP System infiziert! TR/Ransom.Blocker.bgtk/.bgjy-EXP/Pidief.eho-EXP/CVE-2013-1493.A.87
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (13)
  11. Avira hat mehrere Trojaner gefunden, zb. 'TR/Ransom.Blocker.bgjy'
    Log-Analyse und Auswertung - 29.05.2013 (7)
  12. Avira hat Trojaner gefunden. TR/Ransom.Blocker.bemi. Bitte um Hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 18.05.2013 (21)
  13. Avira hat Trojaner gefunden TR/Ransom.Blocker
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (1)
  14. Mehrere Trojaner (bublik.I.9 und 10, PWS.Zbot, Ransom.Blocker) von Avira entdeckt!
    Log-Analyse und Auswertung - 12.05.2013 (11)
  15. EXP/Java.HLP.A.1044 und TR/Ransom.Blocker.bajc (BKA Trojaner?)
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (15)
  16. Avira findet Trojaner TR/Ransom.Blocker.bboz und TR/PSW.Zbot.274432.6
    Log-Analyse und Auswertung - 24.04.2013 (5)
  17. 2 Ransom Trojaner (J3016Nvi.exe und wgsdgsdgdsgsd) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (3)

Zum Thema Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. - Hatte in den letzten Tagen ein paar Meldungen von Avira. Habe zwar den Zugriff verweigern können, aber mit Avira werde ich die Dinger ja nicht los. Brauche Hilfe!! Habe Windows - Trojaner eingefangen TR/Ransom.Blocker.bejm & Co....
Archiv
Du betrachtest: Trojaner eingefangen TR/Ransom.Blocker.bejm & Co. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.