Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Tojaner - Start im abgesicherten Modus nicht möglich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.05.2013, 00:19   #16
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Hallo Cosinus,

der Rechner ist von meinem Bruder und der hatte Probleme mit dem GVU-Virus. Da hat er galube ich mit den Programmen den Trojanere beseitigen können. Ich dachte man könnte die Programme noch verwenden..

falsch gedacht...?

Alt 20.05.2013, 21:47   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Naja, es ist kein Vorwurf. Ich frage mich nur, warum ohne Anweisung dieses Tool genutzt wurde. Was ihr mit eurem Rechner macht müsste ihr selbst wissen.

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 21.05.2013, 08:59   #18
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Hi Cosinus,

anbei erhältst du beide Dateien.

Vielen Dank
__________________

Alt 21.05.2013, 13:12   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Warum denn jetzt im Anhang?!
Poste die Logs bitte in CODE-Tags

Alt 21.05.2013, 20:19   #20
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



ok
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [limited]

21.05.2013 01:07:08
mbar-log-2013-05-21 (01-07-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31108
Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Daniel\AppData\Local\Temp\dgwmjou (Trojan.Zbot.ED) -> Delete on reboot.

(end)
         
und GMER:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 00:16:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0003SDM1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\fxldqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                           fffff800031b6000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                           fffff800031b6042 4 bytes [00, 00, 00, 00]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                              fffff960000f4000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                          fffff960000f4008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Daniel\Downloads\gmer_2.1.19163.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077561465 2 bytes [56, 77]
.text     C:\Users\Daniel\Downloads\gmer_2.1.19163.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000775614bb 2 bytes [56, 77]
.text     ...                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [756:1832]                                                                                                   000007fefc232154
Thread    C:\Windows\system32\svchost.exe [980:4424]                                                                                                   000007fef4c75124
Thread    C:\Windows\system32\svchost.exe [980:5844]                                                                                                   000007fefb584164
Thread    C:\Windows\system32\svchost.exe [980:1480]                                                                                                   000007fef0ff1ab0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:840]                                                                                                      000000000040ce17
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1208]                                                                                                     00000000744a17a4
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1292]                                                                                                     00000000563aa680
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1296]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1300]                                                                                                     00000000561c82a0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1304]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1308]                                                                                                     0000000055ca1190
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1312]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1316]                                                                                                     0000000055e37240
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1320]                                                                                                     00000000563aa680
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1328]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1676]                                                                                                     00000000555d7290
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1684]                                                                                                     0000000055f8a790
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1756]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1760]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1764]                                                                                                     0000000055fae790
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1768]                                                                                                     0000000055faa120
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1772]                                                                                                     0000000055413bc0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1776]                                                                                                     000000000146b0a0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1780]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1788]                                                                                                     0000000055fab0a0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1792]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1812]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1816]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1820]                                                                                                     00000000553554e0
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1824]                                                                                                     0000000055c94d60
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1828]                                                                                                     0000000055ca1190
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1908]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1912]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1916]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1920]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1924]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1928]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:2020]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:2032]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1408]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1360]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1420]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1428]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:280]                                                                                                      000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1044]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1624]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1588]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1584]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1572]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1784]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1804]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1808]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1596]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1540]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1536]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1840]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1080]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:1672]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:2076]                                                                                                     0000000073d04d20
Thread    C:\Windows\SysWOW64\ntdll.dll [312:2080]                                                                                                     0000000073d04d20
Thread    C:\Windows\SysWOW64\ntdll.dll [312:2552]                                                                                                     000000007232d497
Thread    C:\Windows\SysWOW64\ntdll.dll [312:3200]                                                                                                     000000007232d497
Thread    C:\Windows\system32\svchost.exe [1848:4324]                                                                                                  000007fef33a3f1c
Thread    C:\Windows\system32\svchost.exe [1848:4328]                                                                                                  000007fef32f1a38
Thread    C:\Windows\system32\svchost.exe [1848:4332]                                                                                                  000007fef32e5388
Thread    C:\Windows\system32\svchost.exe [1848:4340]                                                                                                  000007fef32c7738
Thread    C:\Windows\system32\svchost.exe [1848:4356]                                                                                                  000007fef32b1f90
Thread    C:\Windows\System32\spoolsv.exe [1576:3388]                                                                                                  000007fef78410c8
Thread    C:\Windows\System32\spoolsv.exe [1576:3432]                                                                                                  000007fef59d6144
Thread    C:\Windows\System32\spoolsv.exe [1576:3444]                                                                                                  000007fef55c5fd0
Thread    C:\Windows\System32\spoolsv.exe [1576:3472]                                                                                                  000007fef7823438
Thread    C:\Windows\System32\spoolsv.exe [1576:3476]                                                                                                  000007fef55c63ec
Thread    C:\Windows\System32\spoolsv.exe [1576:3504]                                                                                                  000007fefa385e5c
Thread    C:\Windows\System32\spoolsv.exe [1576:3520]                                                                                                  000007fef5a55074
Thread    C:\Windows\System32\spoolsv.exe [1576:3768]                                                                                                  000007fef5a37b4c
Thread     [2564:2604]                                                                                                                                 00000000775e2e25
Thread     [2564:6972]                                                                                                                                 00000000775e3e45
Thread    C:\Windows\SysWOW64\ntdll.dll [2912:2916]                                                                                                    00000000004028bf
Thread    C:\Windows\system32\svchost.exe [2272:3332]                                                                                                  0000000074bf6100
Thread    C:\Windows\system32\svchost.exe [2272:3336]                                                                                                  0000000074bf6100
Thread    C:\Windows\system32\svchost.exe [2272:3612]                                                                                                  000007fef54635c0
Thread    C:\Windows\system32\svchost.exe [2272:3828]                                                                                                  000007fef5465600
Thread    C:\Windows\system32\svchost.exe [2272:5160]                                                                                                  000007fef0a12888
Thread    C:\Windows\system32\svchost.exe [2272:5520]                                                                                                  000007fef09b2940
Thread    C:\Windows\SysWOW64\ntdll.dll [3416:3420]                                                                                                    000000000001430e
Thread    C:\Windows\SysWOW64\ntdll.dll [3416:3496]                                                                                                    0000000073d04d20
Thread    C:\Windows\SysWOW64\ntdll.dll [3416:3500]                                                                                                    0000000073d04d20
Thread    C:\Windows\SysWOW64\ntdll.dll [3416:3508]                                                                                                    00000000712e184f
Thread    C:\Windows\SysWOW64\ntdll.dll [3416:3512]                                                                                                    00000000712e184f
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:1120]                                                                                                    00000000001c6d1b
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:3248]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:3280]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:3288]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:3320]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:2056]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:976]                                                                                                     00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:5092]                                                                                                    00000000001c86b6
Thread    C:\Windows\SysWOW64\ntdll.dll [2424:5532]                                                                                                    00000000001c86b6
Thread    C:\Windows\System32\svchost.exe [3304:6068]                                                                                                  000007feef709688
Thread    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [620:4120]                                                           0000000074bf6100
Thread    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [620:4124]                                                           0000000074bf6100
Thread    C:\Windows\system32\svchost.exe [5836:5868]                                                                                                  000007feff62a808
Thread    C:\Windows\system32\svchost.exe [5836:2216]                                                                                                  000007fefe066e60
Thread     [4384:2900]                                                                                                                                 000007fef6dccc10
Thread     [4384:5232]                                                                                                                                 000007fef6c8b564
Thread     [4384:5924]                                                                                                                                 00000000773caec0
Thread     [4384:5580]                                                                                                                                 000007fef6c8b564
Thread     [4384:5588]                                                                                                                                 000007fef6d9f718
Thread     [4384:6040]                                                                                                                                 000007fef6c8b564
Thread     [4384:6056]                                                                                                                                 000007fef72c6050
Thread     [4384:2984]                                                                                                                                 000007fef6c8b564
Thread     [4384:3484]                                                                                                                                 000007fefbbd2a7c
Thread     [4384:4892]                                                                                                                                 000007fef6c8b564
Thread     [4384:3404]                                                                                                                                 000007fef6c8b564
Thread     [4384:5688]                                                                                                                                 000007fef6c8b564
Thread     [4384:3408]                                                                                                                                 000007fef6c8143c
Thread     [4384:5352]                                                                                                                                 000007fef6c8b564
Thread     [4384:4820]                                                                                                                                 000007fef6c8b564
Thread     [4384:5592]                                                                                                                                 00000000634c6c88
Thread     [4384:6036]                                                                                                                                 000007fef6c8b564
Thread     [4384:1628]                                                                                                                                 000007fef6c8b564
Thread     [4384:4888]                                                                                                                                 00000000773cfbc0
Thread     [4384:5012]                                                                                                                                 000007fef6c8b564
Thread     [4384:4256]                                                                                                                                 00000000773cfbc0
Thread     [4384:4824]                                                                                                                                 00000000773cfbc0
Thread     [4384:6260]                                                                                                                                 00000000774aa940
Thread     [4384:644]                                                                                                                                  000007fef6c8b564
Thread     [4384:7060]                                                                                                                                 00000000773cfbc0

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}\Connection@Name  isatap.{39EA3782-9919-4BF8-9DBE-7D3C800A5F92}
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}@InterfaceName                       isatap.{39EA3782-9919-4BF8-9DBE-7D3C800A5F92}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}@ReusableType                        0
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
         


Alt 21.05.2013, 20:26   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Zitat:
Daniel :: BASIS [limited]
Warum hast du MBAR ohne Adminrechte ausgeführt?
Bitte nochmal starten, über Rechtsklick => Als Administrator ausführen
__________________
--> Tojaner - Start im abgesicherten Modus nicht möglich

Alt 21.05.2013, 22:14   #22
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



ok, da isses:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [administrator]

21.05.2013 22:28:42
mbar-log-2013-05-21 (22-28-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31203
Time elapsed: 36 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 22.05.2013, 08:13   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Alt 22.05.2013, 12:02   #24
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



hi cosinus, hier sind die ergebnisse der scans

Alt 22.05.2013, 12:46   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Zitat:
12:51:40.0763 5348 Scan started
12:51:40.0763 5348 Mode: Manual;
Den tdsskiller hast du falsch eingestellt. Bitte nochmal richtig machen

Alt 22.05.2013, 13:17   #26
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



okay.

Alt 22.05.2013, 13:33   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Ok.

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Alt 22.05.2013, 16:01   #28
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



all clear.
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 22/05/2013 um 16:50:04 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daniel - BASIS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\bcuzlkqc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\Daniel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1238 octets] - [22/05/2013 16:12:30]
AdwCleaner[S1].txt - [5268 octets] - [18/02/2013 20:06:03]
AdwCleaner[S2].txt - [1171 octets] - [22/05/2013 16:50:04]

########## EOF - C:\AdwCleaner[S2].txt - [1231 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 22.05.2013 at 15:29:07,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6C9357B-8FE5-4293-BD37-AFD666AC47E7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\pdfforge"
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{0D975738-376B-491C-98C6-A8108BDE972B}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{119B6A55-B21B-4B6D-8658-027CFD5F3408}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{137EE534-3833-4AFC-A61C-5AC37C38962C}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{1B351B91-7521-4391-B863-A54E7E5A9152}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{1C721DC4-10A9-4A0E-A3A7-B7B57E92717E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{1F0AE3BB-D43F-416B-AD87-1B7BB97E3D8B}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{2174E879-1710-491A-A7A4-0006A1065E17}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{2485EE17-96D5-4833-AFAD-9796D61AC901}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{2F2F846D-006A-4837-A488-BCF6B8971B6E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{3BB0B0D9-7FDD-4A89-A8EF-E582B36328C8}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{3C101C9C-4E59-461E-B75F-5766C31107C3}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{406E9371-18AD-4A69-BE2C-8CBD040DD3F0}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{40F190ED-5A17-40DC-9917-F445C971D916}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{44AC88F2-2606-4E3B-BB7C-519E050A418D}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{45490FDB-45BD-418C-BEDE-900F5779C220}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{47D31B37-110F-4F0F-AA40-BCEB2F5BDF03}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{4FFD1F19-611D-4763-BE90-7EF9065ABFF5}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{562FFD63-34D4-4B94-BAB9-15E350A842FC}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{5FE24B35-9A41-4809-9139-AB6355A7ACA9}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{63BF103F-EFD4-49EC-B152-FB62F9D8800C}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{68E4F3A0-EB4A-4554-8E79-25672FC1EF03}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{6A8C5C2B-C484-489A-96D6-727F30F0E7B0}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{6B14EEE2-3B19-40D0-9E59-CDD5D09816B2}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{6B8A8E37-CA90-4F00-ADC1-D88F59044265}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{6EE5F1D0-B36D-41BE-87AB-4761B0F74448}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{7267EEA2-2323-4F4A-95AC-1EA017DC635E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{74FD1462-73EF-42E7-BB0D-CC818FC6D7F6}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{7C155E0F-C7CC-495C-A87F-0A919AAD742A}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{840A921A-1E11-43A6-94F0-B0CF0D77128C}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{8816DA1A-4EA3-48C6-B33C-5B2A64E5152C}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{8829BEDE-6310-4D08-A7E6-256A99BA545A}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{918F4281-E6FC-44F0-A3A3-E1EADA82715E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{926172CD-CD62-4A88-940F-AEE957E501CD}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{95D65842-1CB7-4433-BD30-A6F8D3DB1A28}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{963DBBBC-FFD9-485F-8E9A-F7824D6B35DB}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{97B55FC0-3670-4244-BB49-BB70463FA11E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{99D286C4-C2E2-47CC-874E-042CA0882660}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{9FEABFE7-6318-43A2-A1B3-B0F299EFEA2B}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{A383DF53-0127-4698-BB4C-DD7245BF2CB3}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{A4AB7156-F54A-4D72-A14D-3C62ADD6EE33}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{A760A013-CDEF-46DD-A3F8-A5EB23F4E8EB}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{B2B84918-338C-4DDF-870A-ECDF05026FDE}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{B336E7C6-45F0-4B9B-AD49-9A4D2617F2F3}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{B9AE2B97-796D-4645-BAA3-305359C4D15B}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{BB106C58-6990-4017-8114-52D4F19FE756}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C09E2903-4C62-4B69-8C62-8133609E2503}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C3185518-CF93-4B38-BF9C-243DA5748957}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C4B6CCFE-4393-4821-B4D5-6FACCD85A293}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C708EB9F-26F5-48EB-8E62-E1ED17B8036D}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C787DECB-CD5D-42A5-9B96-1F417328D2C2}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{D34DA828-D79F-405A-949D-4910027808F5}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{D7F1D421-9364-4E6D-9B6A-069529E189B8}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{E9CCE04A-99C9-461D-9493-2B19186B9B0E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{EBB3DFA1-EDB9-4A9F-A468-FAE0A2E09725}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{EF97B418-DA55-4DDE-A330-F2215CE3D1CD}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{FF264C81-547C-479B-822B-9FC6C3BB3E09}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{FFCBDB77-E483-4554-8133-A435FA1C58CE}



~~~ FireFox

Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\prefs.js

user_pref("extensions.crossrider.bic", "136c9f5fb48e4900eca4c70e7c7755dd");
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\minidumps [158 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2013 at 15:54:48,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und
Code:
ATTFilter
OTL logfile created on: 22.05.2013 16:15:22 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,61 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 58,71% Memory free
11,21 Gb Paging File | 8,35 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128,18 Gb Total Space | 38,35 Gb Free Space | 29,92% Space Free | Partition Type: NTFS
Drive D: | 144,91 Gb Total Space | 75,40 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 566,04 Gb Free Space | 60,78% Space Free | Partition Type: FAT32
 
Computer Name: BASIS | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Daniel\Downloads\adwcleaner.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\banner.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZeonForm.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\annot.zxt ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZDigSig.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\PPKLite.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\Search.zxt ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos Client Firewall Manager) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Plc)
SRV - (Sophos Client Firewall) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Plc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (scfdriver) -- C:\Windows\SysNative\drivers\scfdriver.sys (Sophos Plc)
DRV:64bit: - (scflwf) -- C:\Windows\SysNative\drivers\scflwf.sys (Sophos Plc)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\..\SearchScopes,DefaultScope = {B6C9357B-8FE5-4293-BD37-AFD666AC47E7}
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 15:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 02:24:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 02:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.27 13:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.05.09 02:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\bcuzlkqc.default\extensions
[2012.12.12 01:08:44 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 02:00:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:03:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.18 21:12:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001..\Run: [EA Core] D:\FIFA.Manager.10-RELOADED\EADM\Core.exe (Electronic Arts)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24747FF-5A38-4765-AF9A-B88E1C858F0E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Plc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 15:28:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 15:26:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 11:26:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.05.21 00:17:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mbar
[2013.05.18 06:02:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.16 03:02:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 03:02:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 03:02:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 03:02:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 03:02:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 03:02:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 03:02:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 03:02:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 03:02:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 03:02:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 03:02:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 03:02:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 03:02:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 03:02:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 03:02:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 02:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 11:30:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 11:30:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 11:13:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 11:13:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 11:13:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 11:13:20 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 11:12:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 11:12:44 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.13 02:00:39 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.04.29 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.29 12:01:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.29 12:01:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.29 12:01:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.24 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Application Data
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 15:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 13:06:42 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job
[2013.05.22 13:00:58 | 000,024,614 | ---- | M] () -- C:\Users\Daniel\Desktop\Desktop.rar
[2013.05.22 12:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.05.22 11:28:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.05.22 10:59:33 | 001,663,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 10:59:33 | 000,713,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 10:59:33 | 000,674,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 10:59:33 | 000,152,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 10:59:33 | 000,128,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 10:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 02:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:27:53 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.05.22 02:26:29 | 218,939,391 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 21:12:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.05.18 19:40:58 | 000,001,051 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.18 19:40:17 | 000,001,021 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2013.05.16 11:28:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.05.16 04:06:43 | 000,417,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 10:59:10 | 004,102,677 | R--- | M] () -- C:\Users\Daniel\trainee_corporates-3.pdf
[2013.05.15 03:53:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 03:53:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 17:30:39 | 016,282,297 | ---- | M] () -- C:\Users\Daniel\Documents\dez.spv
[2013.05.12 11:48:36 | 015,963,273 | ---- | M] () -- C:\Users\Daniel\Documents\jan.spv
[2013.05.09 11:07:16 | 010,964,387 | ---- | M] () -- C:\Users\Daniel\Documents\jul.spv
[2013.05.08 21:50:27 | 010,571,327 | ---- | M] () -- C:\Users\Daniel\Documents\mrz.spv
[2013.05.08 18:04:32 | 010,608,641 | ---- | M] () -- C:\Users\Daniel\Documents\feb.spv
[2013.05.08 13:12:28 | 010,493,495 | ---- | M] () -- C:\Users\Daniel\Documents\nov.spv
[2013.05.07 20:44:53 | 010,166,854 | ---- | M] () -- C:\Users\Daniel\Documents\apr.spv
[2013.05.04 18:22:48 | 009,391,414 | ---- | M] () -- C:\Users\Daniel\Documents\Output1b.spv
[2013.05.04 10:54:07 | 008,921,013 | ---- | M] () -- C:\Users\Daniel\Documents\Output1a.spv
[2013.04.23 21:51:12 | 000,014,212 | ---- | M] () -- C:\Users\Daniel\Desktop\InformationzuIhrerAnfrage.PDF
 
========== Files Created - No Company Name ==========
 
[2013.05.22 12:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.05.20 00:24:40 | 000,024,614 | ---- | C] () -- C:\Users\Daniel\Desktop\Desktop.rar
[2013.05.15 10:58:07 | 004,102,677 | R--- | C] () -- C:\Users\Daniel\trainee_corporates-3.pdf
[2013.05.12 17:30:39 | 016,282,297 | ---- | C] () -- C:\Users\Daniel\Documents\dez.spv
[2013.05.09 11:07:16 | 010,964,387 | ---- | C] () -- C:\Users\Daniel\Documents\jul.spv
[2013.05.08 18:04:32 | 010,608,641 | ---- | C] () -- C:\Users\Daniel\Documents\feb.spv
[2013.05.07 20:44:53 | 010,166,854 | ---- | C] () -- C:\Users\Daniel\Documents\apr.spv
[2013.05.07 09:43:12 | 010,571,327 | ---- | C] () -- C:\Users\Daniel\Documents\mrz.spv
[2013.05.07 01:18:10 | 010,493,495 | ---- | C] () -- C:\Users\Daniel\Documents\nov.spv
[2013.05.05 21:01:52 | 015,963,273 | ---- | C] () -- C:\Users\Daniel\Documents\jan.spv
[2013.05.04 18:22:48 | 009,391,414 | ---- | C] () -- C:\Users\Daniel\Documents\Output1b.spv
[2013.05.04 10:54:07 | 008,921,013 | ---- | C] () -- C:\Users\Daniel\Documents\Output1a.spv
[2013.04.23 21:51:11 | 000,014,212 | ---- | C] () -- C:\Users\Daniel\Desktop\InformationzuIhrerAnfrage.PDF
[2013.02.18 20:28:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.18 20:28:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.18 20:28:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.18 20:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.18 20:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.14 23:29:41 | 000,004,219 | ---- | C] () -- C:\Users\Daniel\As4.synctex.gz
[2013.01.14 23:00:33 | 000,074,851 | ---- | C] () -- C:\Users\Daniel\As4.pdf
[2013.01.14 22:59:38 | 000,000,165 | ---- | C] () -- C:\Users\Daniel\As4.aux
[2013.01.14 22:59:24 | 000,000,934 | ---- | C] () -- C:\Users\Daniel\As4.tex
[2013.01.14 22:33:38 | 000,059,109 | ---- | C] () -- C:\Users\Daniel\Assignment4.pdf
[2013.01.14 22:33:38 | 000,000,163 | ---- | C] () -- C:\Users\Daniel\Assignment4.aux
[2013.01.14 22:33:37 | 000,004,066 | ---- | C] () -- C:\Users\Daniel\Assignment4.synctex.gz
[2013.01.14 13:21:56 | 000,000,934 | ---- | C] () -- C:\Users\Daniel\Assignment4.tex
[2012.12.03 12:14:31 | 002,693,311 | ---- | C] () -- C:\Users\Daniel\enigmail-1.4.6-sm+tb.xpi
[2012.08.13 21:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.08.13 21:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.03.16 14:06:27 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.28 18:51:40 | 001,558,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.18 09:06:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 09:01:39 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.14 04:55:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
und zu guter letzt

Code:
ATTFilter
OTL Extras logfile created on: 22.05.2013 16:15:22 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,61 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 58,71% Memory free
11,21 Gb Paging File | 8,35 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128,18 Gb Total Space | 38,35 Gb Free Space | 29,92% Space Free | Partition Type: NTFS
Drive D: | 144,91 Gb Total Space | 75,40 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 566,04 Gb Free Space | 60,78% Space Free | Partition Type: FAT32
 
Computer Name: BASIS | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B1BBCC-547A-4DBE-94FB-F59F1BBBBE82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22119967-3266-4A36-891A-EB0327CDAE08}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2308C865-2931-4D2B-88BC-505F5576B726}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24C7BEF4-20B5-4C2D-A43F-7C778A20D3F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D274847-9891-4258-9AA5-E6D600C8A5BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3804366A-F168-4CE9-95A2-53F80221E140}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3C25890C-90F8-4FE0-9A50-DE2EE54D22B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3C48C0DA-0BBE-4CD0-9AD3-2AA9F41B0170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{53C69CD8-8FBA-40EC-AC61-FF2BFC9E5AC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F1453CE-082E-4148-870D-D6115DA9814A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{68FC3F23-8136-4D8B-8B46-D69F355421DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{71A5E047-D37B-4A50-87CF-8D21EA982B27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71C1071F-9069-49F4-A615-D95C80A2D84C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{72D6E5C4-6BE2-43D5-B665-5BEC5B5E8289}" = rport=445 | protocol=6 | dir=out | app=system | 
"{770AB3D3-678E-49C6-8165-F20DB8974C79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77AD00E8-7A85-4457-91A4-9DC6E21B9238}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8877F45F-140B-4076-8B34-09B66E4A67BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8B29FA2F-ACCB-4FBA-87B4-C29F6DD787E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B276822F-9646-4360-ADE9-EF6F57A5E0A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C3E1DD99-8163-4257-A31A-A89416810119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5FBD8BA-7BBB-4374-93AD-E6018E2FA164}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FE6824B6-2545-427E-8B0F-7B3B0B93963B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428F49E-D561-4885-8407-60FDA530B1B3}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{048E5D8E-0A06-4A27-90AC-DAE7D9EA05AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{05921E67-A66E-47E3-9720-31A8D203FE58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DE55ABB-09CD-454E-B2E3-E49CA90076EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E1C0026-3273-4F82-BCF4-33CD5AA8EE16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F49BA5F-E6E5-4197-938D-478E13758D78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{253247DB-A1AE-4FA2-99E0-AB8EABE275AD}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{38004588-5321-4388-BA7C-16B12AA92A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{447A6722-102E-47D2-9958-FA11660F2287}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{4AE889B9-59C8-4DF3-A4CF-B2A5BA045B3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{501B90E3-8470-4524-8915-FE688D5B547C}" = protocol=17 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{54954F74-86B7-4539-A206-D574788BD41C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57562EC6-0E81-4A7D-BA01-DB5F56A0436B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{659B74BF-7E4C-41A8-B10A-92642832D5A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7DAF63AC-AB1B-4E23-916C-64D2C775C623}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DBB5808-F601-45C4-95BB-C5B59ABE43EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8E2A5220-97B0-4D21-985F-58EFD8B5E60D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{90858D94-2230-4773-9F46-6998B65C9E6F}" = protocol=17 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{91A9008F-171D-4451-8FE2-27D899AC4F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{955C8760-15C0-475E-AF74-A4FCD569DB49}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9BE17CB0-C964-48CF-8862-8DF92DA7265C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A193FA49-A261-421D-8D6F-440E1828F2FF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A22FF28D-9086-4568-84DE-C3D1BEF3925F}" = protocol=6 | dir=out | app=system | 
"{AB4B5379-8344-463D-8F92-77FDE3CF92E8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{ADDC7848-60DB-4FC2-9DA9-826622E8E34A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B5761F4A-5F75-449D-ABD4-D9C24F6D5D48}" = protocol=6 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{BA3797B6-E1E9-4796-A4AB-D0FF9742A448}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BB998749-016C-46DE-8CB0-698B5FDEB925}" = protocol=6 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{BEDF2383-5941-4AD0-AD16-E5EBF25C8C70}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5C22973-0A04-4411-933B-206BC9EF830D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBA09DCC-6760-4DB6-B6E3-68E188198282}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CC5DE2FB-D7E9-43C8-A44E-881A7171003F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CCBEA74E-E068-4C3B-B33D-31406972BF58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CD2C810C-1753-4B55-9E6C-3A03F52C53D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1A45986-BCEA-4DDE-9711-F702B8B2D3B8}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{D77A3E20-2F49-40F7-982C-32C26D0A8253}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9A480D5-385D-4702-9847-68E863EFC462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E0AB41FA-405D-4545-985D-8A3B9ACCF201}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E8BA070A-60E4-4D5B-9A24-E46DDBEB3BD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC629A46-60DE-4545-B6B5-A7E5B70AC1FF}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F2599FA8-314E-4A73-AD1D-EBBA070929DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FDAC0815-367D-4DC8-AFC4-5B758B45A7B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{11D96381-C349-60F6-6E95-013D80B6B68B}" = AMD Fuel
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C4C0E06-5E82-FEF7-7A35-6ED0FBA91307}" = AMD Media Foundation Decoders
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E17025A7-39B6-375E-8F1E-20637D19549C}" = AMD Catalyst Install Manager
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FF91D913-0F96-E8B4-7F24-138D64AEE63A}" = ccc-utility64
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"GPL Ghostscript 9.04" = GPL Ghostscript
"Matlab R2012b" = MATLAB R2012b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"R for Windows 2.15.2_is1" = R for Windows 2.15.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A10EA04-AF48-AB19-DE2B-0F7ABF174B22}" = CCC Help Finnish
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AC6E8CB-B022-A7E1-66DA-E063B6CEC373}" = CCC Help Polish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{29AFBD5C-71A8-DA79-508C-53E040EE3E71}" = CCC Help Italian
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36BFE02C-3247-EC65-5B79-C31CA8A2EA6B}" = CCC Help Chinese Traditional
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3993DD42-0739-7DCB-CB1E-512A1D0287B6}" = CCC Help Portuguese
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D06DD4B-2D97-CB62-1639-66995969E0F7}" = CCC Help Chinese Standard
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40D1F76D-FD54-6FF9-8A83-E2B6849FF755}" = CCC Help Korean
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C699616-D8EA-9E2F-0246-68E0298A9081}" = CCC Help German
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50B8CA72-98FD-21A1-3448-601998D44C1D}" = CCC Help Swedish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55C6CD22-E3A4-4937-CFFB-C7E11FA6A5A3}" = CCC Help Dutch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56050D82-138B-D911-CE56-DC4783CAA22C}" = CCC Help English
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{615AA928-1427-735E-C728-55AF614CD3DA}" = Catalyst Control Center Profiles Mobile
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62D16CB8-4DD5-0314-2AD7-C3C2BCADC234}" = CCC Help Thai
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69424C7F-B6CA-8786-E0CA-89D5915C9486}" = CCC Help Turkish
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5E0E1B-FADA-9749-80F6-03A0A7967FEC}" = CCC Help Danish
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71296ABE-826A-2D27-9FD0-503F39A4D7ED}" = CCC Help Japanese
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A11EFE0E-A256-C423-223F-4808E88024DB}" = CCC Help Greek
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9868A83-9D72-2F2D-F549-A5BD46891987}" = CCC Help Norwegian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2A07D8D-71DB-4929-9154-2D8A198F0FDA}" = CCC Help Spanish
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C10C5955-9E14-A895-BF90-29388B133FEA}" = CCC Help Russian
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9440B47-2604-44EC-DA52-46DB4FA946ED}" = CCC Help French
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CA234488-A4E4-FE20-DEF4-D68C43ACACA2}" = CCC Help Czech
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA9FD67B-0AAF-C83D-E2AC-C7D296FA0FE4}" = Catalyst Control Center Localization All
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6698C9-53D4-67FB-2A2B-67CB1DEF89E5}" = AMD VISION Engine Control Center
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8857969-C550-C462-1785-DB5523AE133C}" = CCC Help Hungarian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB51A10-A57D-29AB-90D1-3EEE29BD388F}" = Catalyst Control Center InstallProxy
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DAEMON Tools Lite" = DAEMON Tools Lite
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"Plants vs Zombies" = Plants vs Zombies
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"Texmaker" = Texmaker
"TeXstudio_is1" = TeXstudio 2.3
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
"XnView_is1" = XnView 1.99.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 10.02.2013 18:50:18 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 91
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2013 20:08:46 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4679
 seconds with 2700 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2013 21:21:52 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4365
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2013 18:28:41 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 187219
 seconds with 40920 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2013 20:06:10 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 91948
 seconds with 10740 seconds of active time.  This session ended with a crash.
 
Error - 31.03.2013 05:43:08 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 77315
 seconds with 21120 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2013 10:09:25 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 46431
 seconds with 11160 seconds of active time.  This session ended with a crash.
 
Error - 10.04.2013 05:55:40 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3354
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2013 08:32:24 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 76571
 seconds with 35460 seconds of active time.  This session ended with a crash.
 
Error - 28.04.2013 22:05:40 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4757
 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         

Alt 22.05.2013, 20:13   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 24.05.2013, 06:01   #30
Geschädiger
 
Tojaner - Start im abgesicherten Modus nicht möglich - Standard

Tojaner - Start im abgesicherten Modus nicht möglich



scans dauerrten eine ewigkeit.

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2fc706100f3ba142b9e559add6b40cf7
# engine=13197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-21 12:42:36
# local_time=2013-02-21 01:42:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 55452 113037206 0 0
# compatibility_mode=8450 16777213 85 98 6587485 174666390 0 0
# scanned=436501
# found=1
# cleaned=0
# scan_time=45400
sh=7F5B4839D00359AD9327DC21DC977DE652C871B0 ft=0 fh=0000000000000000 vn="JS/Agent.NID trojan" ac=I fn="C:\_OTL\MovedFiles\02182013_231835\C_ProgramData\dsgsdgdsgdsgw.js"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2fc706100f3ba142b9e559add6b40cf7
# engine=13895
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-24 01:10:58
# local_time=2013-05-24 03:10:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 135551 120987708 0 0
# compatibility_mode=8450 16777213 85 98 5843837 182616892 0 0
# scanned=525670
# found=12
# cleaned=0
# scan_time=40190
sh=F7ED23A3187C32134B860737D47C8513789E5AB2 ft=1 fh=62db4b4db591c5f6 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1079637092-1404767213-1586573362-1001\$RBLIO9Y.exe"
sh=DAFE8EE373E92DD6D7EA981C2E410CF220E1C538 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G19YC5HJ\980769[1].js"
sh=300E7513C28399B4FA65DFE2EF955D6EC846CCF2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NVX trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\51889051-2df605ca"
sh=A8846FE28E6DDC50E3EA046F43DA490F6879A706 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\25bc2213-18fb54ff"
sh=BC3C2437A717BECCD026241DCB6DD0053F44E749 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.E trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30efd042-71eff98a"
sh=4E8E7DCBBB176852ECCFAB5D968DD1CAB5EF4B64 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OIJ trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\14019747-6b3f08a1"
sh=DAFE8EE373E92DD6D7EA981C2E410CF220E1C538 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G19YC5HJ\980769[1].js"
sh=300E7513C28399B4FA65DFE2EF955D6EC846CCF2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NVX trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\51889051-2df605ca"
sh=A8846FE28E6DDC50E3EA046F43DA490F6879A706 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\25bc2213-18fb54ff"
sh=BC3C2437A717BECCD026241DCB6DD0053F44E749 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.E trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30efd042-71eff98a"
sh=4E8E7DCBBB176852ECCFAB5D968DD1CAB5EF4B64 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OIJ trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\14019747-6b3f08a1"
sh=E85CABD0C9AE654A703A68E9EBC1B86FB04B5D6E ft=0 fh=0000000000000000 vn="JS/Kryptik.MV trojan" ac=I fn="H:\BASIS\Backup Set 2012-05-07 153342\Backup Files 2012-05-07 153342\Backup files 4.zip"
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [Administrator]

22.05.2013 22:44:33
mbam-log-2013-05-22 (22-44-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 606993
Laufzeit: 4 Stunde(n), 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\MovedFiles.zip (Trojan.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05182013_150840\C_Users\Daniel\AppData\Roaming\skype.dat (Trojan.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Antwort

Themen zu Tojaner - Start im abgesicherten Modus nicht möglich
abgesicherte, abgesicherten, abgesicherten modus, absoluter, daten, daten sichern, desktop, erwischt, formatiere, formatieren, heulen, modus, nicht mehr, nicht möglich, sichern, start, tojaner, troja, verloren



Ähnliche Themen: Tojaner - Start im abgesicherten Modus nicht möglich


  1. Gvu /BKA /Interpol –Virus, starten im abgesicherten Modus nicht möglich (Windows XP 32bit)
    Log-Analyse und Auswertung - 13.11.2014 (19)
  2. BKA-Trojaner und Eingabe im abgesicherten Modus NICHT möglich
    Log-Analyse und Auswertung - 27.06.2014 (16)
  3. Gvu /BKA /Interpol –Virus, starten im abgesicherten Modus nicht möglich (Windows XP 32bit)
    Log-Analyse und Auswertung - 16.03.2014 (5)
  4. GUV-Trojaner; Start in abgesichertem Modus nicht möglich; Start von FRST nicht möglich
    Log-Analyse und Auswertung - 20.12.2013 (1)
  5. WinXP: BKA-Trojaner und Eingabe im abgesicherten Modus NICHT möglich
    Log-Analyse und Auswertung - 14.11.2013 (3)
  6. Windows 7: BKA? Grauer Screen beim Start, abgesicherter Modus nicht möglich.
    Log-Analyse und Auswertung - 01.11.2013 (9)
  7. Win 7: GVU Trojaner mit Sperrbildschirm - starten im abgesicherten Modus nicht möglich!
    Log-Analyse und Auswertung - 31.10.2013 (13)
  8. Weisser Bildschirm beim Start Windows Vista- Abgesicherter Modus nicht möglich
    Log-Analyse und Auswertung - 27.10.2013 (28)
  9. Neue Art von Polizeivirus - Neustarten im Abgesicherten Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (17)
  10. GVU-Trojaner und Booten im "abgesicherten Modus" nicht möglich!
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (12)
  11. GVU Trojaner, Anmeldung im abgesicherten Modus nicht möglich
    Log-Analyse und Auswertung - 07.07.2013 (69)
  12. GVU Trojaner - Start im Abgesicherten Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (18)
  13. GVU-Trojaner (Start des abgesicherten Modus nicht möglich)
    Plagegeister aller Art und deren Bekämpfung - 06.02.2013 (15)
  14. gvu trojaner aktiv, ein neustart im abgesicherten modus ist nicht möglich!
    Plagegeister aller Art und deren Bekämpfung - 16.01.2013 (3)
  15. BKA-Virus: Offenbar relativ neue Version, Start im Abgesicherten Modus nicht möglich.
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (14)
  16. Bundespolizei Trojaner - auch im abgesicherten Modus nicht mehr Start möglich
    Log-Analyse und Auswertung - 05.12.2011 (8)
  17. Nach Combofix im abgesicherten Modus kein normaler Start mehr möglich - WINXP
    Plagegeister aller Art und deren Bekämpfung - 31.10.2010 (1)

Zum Thema Tojaner - Start im abgesicherten Modus nicht möglich - Hallo Cosinus, der Rechner ist von meinem Bruder und der hatte Probleme mit dem GVU-Virus. Da hat er galube ich mit den Programmen den Trojanere beseitigen können. Ich dachte man - Tojaner - Start im abgesicherten Modus nicht möglich...
Archiv
Du betrachtest: Tojaner - Start im abgesicherten Modus nicht möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.