Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Backdoor.Trojan Befall: dxgiau.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.06.2013, 12:59   #1
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo an die Gemeinschaft!

Gestern ist es mir passiert: Nach all den Jahren - Anhang geöffnet ( ein Zip file) mit vermeintlicher O2 Rechnung... mein Norton hat nicht gemault, und seitdem hatte ich alle Hände voll zu tun.
Hier mal die Historie von Norton :

Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
26.06.2013 09:42:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.06.2013 16:33:21,Hoch,Backdoor.Trojan erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\desktop\ihre_o2_bestellung-8615095878.zip
25.06.2013 15:36:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:30:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:24:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:23:51,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe
25.06.2013 15:18:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:12:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:06:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 15:00:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:58:18,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe
25.06.2013 14:56:09,Hoch,dxgiau.exe (WS.Trojan.H) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe
25.06.2013 14:54:03,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:48:03,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:42:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:36:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:30:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich,
25.06.2013 14:30:00,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe
25.06.2013 13:51:26,Hoch,1365380237.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365380237.exe
25.06.2013 13:48:57,Hoch,1365404668.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365404668.exe
25.06.2013 13:47:33,Hoch,1365395751.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365395751.exe



Damit schon mal die einzelnen Namen drin:
dxgiau, 1365380237, 1365404668 und 1365395751

Norton hat dann ein Entfernungstool ins Spiel gebracht und anschließend gemeldet, dass Backdoor.Trojan volständig entfernt wurde - das ist nun die Frage...

Ich habe entsprechend logfiles erstellt:

OTL:

Code:
ATTFilter
OTL logfile created on: 26.06.2013 10:56:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 51,21% Memory free
6,07 Gb Paging File | 4,54 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 31,41 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE
PRC - [2013.03.31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2013.03.19 12:55:46 | 000,169,096 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006.03.01 16:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll
MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll
MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll
MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll
MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll
MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2004.12.26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013.03.19 12:55:46 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com)
SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130625.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130625.023\NAVENG.SYS -- (NAVENG)
DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS)
DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130625.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKCU\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6
IE - HKCU\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKCU\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKCU\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.ftp: "219.234.82.84"
FF - prefs.js..network.proxy.ftp_port: 33948
FF - prefs.js..network.proxy.http: "219.234.82.84"
FF - prefs.js..network.proxy.http_port: 33948
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "219.234.82.84"
FF - prefs.js..network.proxy.ssl_port: 33948
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.26 09:55:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
 
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.19 12:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions
[2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.23 09:33:16 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.06 13:17:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\DTToolbar@toolbarnet.com
[2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung
[2013.06.19 12:06:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\toolbar@ask.com
[2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi
[2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi
[2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi
[2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml
[2013.06.19 12:06:29 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\askcom.xml
[2011.03.31 16:38:21 | 000,002,059 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\daemon-search.xml
[2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml
[2011.05.24 15:38:34 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\safesearch.xml
[2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 12:06:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\
CHR - Extension: Ask Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\
 
O1 HOSTS File: ([2013.03.27 18:41:59 | 000,000,793 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	licensing1.infoware.de
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (MP3 Rocket Toolbar) - {4D503352-5636-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll (APN LLC.)
O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {4D503352-5636-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: posbote.de ([tagwerk-design] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{279c4ce7-3a32-11e1-9cd4-001f16673918}\Shell - "" = AutoRun
O33 - MountPoints2\{279c4ce7-3a32-11e1-9cd4-001f16673918}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{279c4cfa-3a32-11e1-9cd4-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{279c4cfa-3a32-11e1-9cd4-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{30cf4449-0752-11de-ba3a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30cf4449-0752-11de-ba3a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{3dad766c-6241-11e1-8a53-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{3dad766c-6241-11e1-8a53-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a4fc17e0-0894-11de-9340-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a4fc17e0-0894-11de-9340-806e6f6e6963}\Shell\AutoRun\command - "" = F:\starter.exe
O33 - MountPoints2\{fb96b869-d4db-11e0-a542-001f16673918}\Shell - "" = AutoRun
O33 - MountPoints2\{fb96b869-d4db-11e0-a542-001f16673918}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\ShelExec.exe Index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Piyndy
[2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy
[2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi
[2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fedaaf
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci
[2013.06.19 12:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll
[2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll
[2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll
[2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll
[2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll
[2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll
[2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll
[2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll
[2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll
[2013.05.29 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.29 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 10:51:50 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.06.26 10:38:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 10:34:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.26 09:56:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.26 09:55:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.06.26 09:55:15 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 09:55:15 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 09:55:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.26 09:53:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.26 00:47:10 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 16:33:21 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\Ihre_O2_Bestellung-8615095878.zip
[2013.06.25 15:43:00 | 000,003,773 | ---- | M] () -- C:\Users\***\Desktop\Ihre O2 DSL Bestellung (Kundennummer DE98260281).eml.7z
[2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.25 15:21:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.06.20 14:21:13 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.20 14:21:13 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.20 14:21:12 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.20 14:21:12 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013.06.11 09:21:43 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
[2013.06.03 22:00:01 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI
[2013.05.29 21:01:16 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.26 10:51:49 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 15:43:00 | 000,003,773 | ---- | C] () -- C:\Users\***\Desktop\Ihre O2 DSL Bestellung (Kundennummer DE98260281).eml.7z
[2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.25 15:36:00 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\Ihre_O2_Bestellung-8615095878.zip
[2013.06.25 15:21:27 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2013.05.29 21:01:15 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg
[2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif
[2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg
[2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\Aaron_Jacob_Zoo2012.jpg
[2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf
[2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf
[2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg
[2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd
[2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung solaris-music.pdf
[2011.06.30 11:00:53 | 000,000,019 | ---- | C] () -- C:\Windows\RETRIEVE.INI
[2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk
[2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf
[2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg
[2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf
[2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf
[2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf
[2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf
[2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old
[2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache
[2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\walli.lnk
[2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps
[2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf
[2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2013.06.25 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avqo
[2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate
[2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fedaaf
[2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec
[2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net
[2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket
[2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muyci
[2013.06.25 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Obypy
[2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic
[2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX
[2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup
[2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5
[2013.06.25 13:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Piyndy
[2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puuswi
[2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD
[2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD
[2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer
[2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity
[2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vak
[2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2013.06.25 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yka
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >
         

und Extras:

Code:
ATTFilter
OTL Extras logfile created on: 26.06.2013 10:56:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 51,21% Memory free
6,07 Gb Paging File | 4,54 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 31,41 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0285DC9B-0012-4ACF-B1DF-421D90574A82}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0ACFD205-C401-4BD8-8A6C-78F26DDDCDD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{153EFBF6-165F-4271-9F58-73F1AB7A9F56}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2F34D1FE-D80F-4C82-B981-BDCF4A4A3B9E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{3B3342B8-8399-40C1-823B-1DDACBA03F7C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8EF61537-1605-4F55-9B2D-89AA7817295D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{9297B568-291E-4A4F-9C94-B279885ADCFA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{92EA76AA-EFD8-44D1-BD80-D2E94A122DDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A03BBBC7-4245-4173-B48F-97E437637A2A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{AA076183-14AA-4BB9-9CFB-117F9612122C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AEACFD36-46A8-4B80-9998-7EC5D26D9A87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2D268DC-0557-4FA5-9247-FDB1EA0D9D15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9BA6642-2DA2-4592-AE49-C1E0F0D3CAD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD5A56B5-BDD9-41D5-85FA-84E03C68B8DB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{EA1CDFF8-28F5-465D-B47F-CC58089AB6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BB0D89-24A5-436B-BC66-E1D17D6BFD29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{07DF8700-3F3D-4539-B8E6-C9A5205F166F}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{149DE439-BC19-44C3-BC0B-B1DC2DB07C62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{18195013-26E5-4AE9-A1D1-BBD1AF9BF8B4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2239D7C9-2FFD-43DA-89A8-DDF85D21655D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{29982E9D-7369-446A-84C4-CC2E8E2EEB7E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2DD3C8EF-E168-4B87-97F4-9CA1040ED307}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F6E0103-ABA0-4A64-AFFC-8566BFB1A205}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{40DBB88A-C74A-4F05-991A-44D21D6591A6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe | 
"{4508BEE3-9A9F-452C-A607-AC5EC2B5EDAC}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{5318B654-B22F-4CF3-9DD0-1DF7615FAC4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{59F43363-34BC-4FA0-B80C-C6981978AFA4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{5A3B7728-F073-4621-AB7A-E58F37B81167}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5B4EF787-A103-435F-AAD9-166645554D1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5E213115-65F0-41CC-BC83-6E34CEB10C92}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5FEACC46-2B1F-4872-BAC6-9E4A88FD5F3A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6072FADB-E015-4D13-BD72-73AA54EF92C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{615A31A5-A001-4C56-BF86-6E68101E37C3}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"{65FD6B52-F3A1-46FC-A5D2-A168287ADC12}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{759865ED-A157-4E0E-95B9-0F5AB84A176D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7BE0AF97-87FB-4164-B1B8-4EB060D94E5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{892A28F2-2D54-4C0A-93BC-22C2610AE768}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8CE15FCE-597C-4792-9591-F69D56B93D55}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe | 
"{92095FBD-ED68-4AF1-A284-465A44EE3C39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A23008FF-1F68-450F-9210-97D2739D6745}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ADE22E19-029D-49AB-84FE-8C7BD96090FF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C68AA946-AB6D-4282-BCBB-749BE49129CA}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{C803A6D9-F061-408B-B169-216BEFE3F157}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CB2F176E-1443-40FA-8DB3-B8DAC5D54F0C}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{D489ACF7-58B1-4B03-906F-A14189E4CA1B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"{DA569BEC-BC66-4E4A-B618-77816A019387}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E526A77F-A6E2-4736-A2F8-4A0867A24B90}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E8B22305-8E68-48C7-8B03-4A176FADCC26}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe | 
"{E950C2D7-C167-4915-859F-452CFC30FDCE}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{EA8D5ABA-1E46-4EE2-B802-50611A11700D}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{FE04E1AC-4A1F-48ED-A144-F551C7B96D42}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0823C022-7F0E-429E-880E-55615C3C3D9D}" = Smart Label Printer 6.9.1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0D48749F-2552-43F0-87F5-36DB92B3B251}" = Sagede.Shared.Elster.Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0E89442B-18D4-4415-A325-64AFA80AEF2A}" = easySales CRM (PE)
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLBOUNCE)
"{2b829d90-b307-4922-a0ad-d71a193a4224}" = PC-Kaufmann Komplettpaket 2013
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D503352-5636-006A-76A7-A758B70B0701}" = MP3 Rocket Toolbar
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9}" = billiger.de Sparberater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59BFA963-DDEC-40B6-889F-271C38673795}" = Sagede.Shared.Elster.Setup
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79C61990-79BE-495C-A70E-78AA63E84CD2}" = Sage SAIP
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87B20D4E-9AD9-4B4E-9CDA-43F9711CE91A}" = OutlookSynchronisation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{883E3F79-5DC5-4126-8486-8D280F6D1D8D}" = Sagede.Shared.Elster.Setup
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A282012D-1D21-4BD9-AB1B-0F8FDEE90F60}" = RSDLite 3.9.1
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFF5CBD2-4D16-4908-864C-50BA5C10CCD1}" = Sage BankCom
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D17F7D3E-809A-4380-B001-7082C38B7767}" = eBay
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D958A9B6-8126-4E21-BAA9-3F2E76B20200}" = Cockpit
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5EFAEAF-CD5F-4D63-9C69-99F941639629}" = Sage HBCI-Kontaktverwaltung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E704A-F387-41C7-A25D-4325168390EF}" = Sagede.Shared.Elster.Setup
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine 
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)  
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"eWallet" = eWallet for Windows PCs
"EZ Audio Converter by MixMeister_is1" = EZ Audio Converter 6.0 by MixMeister
"FBDBServer_2_0_is1" = Firebird 2.0.1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Flash&Backup3" = Flash&Backup
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFRS_is1" = Sage Online-Backup Client
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"NEATO MediaFACE" = NEATO MediaFACE
"Netzmanager" = Netzmanager
"NIS" = Norton Internet Security
"Personal Backup 5_is1" = Personal Backup 5.3
"Personal Backup_is1" = Personal Backup 4.5
"PROHYBRIDR" = 2007 Microsoft Office system
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Revo Uninstaller" = Revo Uninstaller 1.87
"Startup_Manager_is1" = Startup Manager 2.4.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = MP3 Rocket Toolbar Updater
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2013 10:25:19 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 25.06.2013 18:27:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 18:29:57 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 25.06.2013 18:44:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 18:46:05 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 26.06.2013 03:09:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 03:10:14 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 03:58:19 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 26.06.2013 04:02:05 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3024
Description = 
 
[ Media Center Events ]
Error - 19.08.2009 16:45:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ ODiag Events ]
Error - 23.04.2013 20:12:17 | Computer Name = ***-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A
 
[ OSession Events ]
Error - 29.04.2013 14:07:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6351
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03.05.2013 06:03:58 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2013 15:17:49 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 534
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2013 15:07:14 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2577
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2013 16:48:22 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 189
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2013 10:48:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 112
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2013 10:51:21 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.05.2013 08:31:01 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 286
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2013 10:08:54 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 149
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2013 04:26:10 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 624
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:13:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.06.2013 03:16:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
gmer funktioniert leider bei mir nicht ( nach 4 x Absturz habe ich aufgegeben - kommt nicht über diesen Punkt raus: \Device\HarddiskVolumeShadowCopy1

Ich bedanke mich schon mal im Voraus und freue mich auf den weiteren Verlauf - das beunruhigt schon sehr, wenn man nicht weiß was los ist.....

Viele Grüße vom G.Vadda

Alt 26.06.2013, 13:11   #2
aharonov
/// TB-Ausbilder
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo,

Zitat:
gmer funktioniert leider bei mir nicht ( nach 4 x Absturz habe ich aufgegeben - kommt nicht über diesen Punkt raus: \Device\HarddiskVolumeShadowCopy1
Dann entferne bei GMER auf der rechten Seite den Haken bei "devices" und versuche es noch einmal.
Klappt es jetzt?
__________________

__________________

Alt 27.06.2013, 08:07   #3
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Guten Morgen!

wow....das hat funktioniert und die ganze Nacht gerödelt. Habe wohl zuviele Daten auf meinem Rechner...

Hier das GMER file:

Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-27 08:17:32
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250320AS rev.HP07 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\pwdiyfob.sys


---- System - GMER 2.1 ----

SSDT    888E1638                                                                                                                             ZwAlertResumeThread
SSDT    888E1718                                                                                                                             ZwAlertThread
SSDT    888E5360                                                                                                                             ZwAllocateVirtualMemory
SSDT    887F1AF8                                                                                                                             ZwAlpcConnectPort
SSDT    88924B60                                                                                                                             ZwAssignProcessToJobObject
SSDT    888E1388                                                                                                                             ZwCreateMutant
SSDT    88924880                                                                                                                             ZwCreateSymbolicLinkObject
SSDT    888E57E8                                                                                                                             ZwCreateThread
SSDT    88924C40                                                                                                                             ZwDebugActiveProcess
SSDT    888E5530                                                                                                                             ZwDuplicateObject
SSDT    888E1E48                                                                                                                             ZwFreeVirtualMemory
SSDT    888E1478                                                                                                                             ZwImpersonateAnonymousToken
SSDT    888E1558                                                                                                                             ZwImpersonateThread
SSDT    887272B8                                                                                                                             ZwLoadDriver
SSDT    888E1D48                                                                                                                             ZwMapViewOfSection
SSDT    88924008                                                                                                                             ZwOpenEvent
SSDT    888E56D0                                                                                                                             ZwOpenProcess
SSDT    888E5450                                                                                                                             ZwOpenProcessToken
SSDT    88924E68                                                                                                                             ZwOpenSection
SSDT    888E5600                                                                                                                             ZwOpenThread
SSDT    88924A70                                                                                                                             ZwProtectVirtualMemory
SSDT    888E17F8                                                                                                                             ZwResumeThread
SSDT    888E1A98                                                                                                                             ZwSetContextThread
SSDT    888E1B78                                                                                                                             ZwSetInformationProcess
SSDT    88924D20                                                                                                                             ZwSetSystemInformation
SSDT    88924F48                                                                                                                             ZwSuspendProcess
SSDT    888E18D8                                                                                                                             ZwSuspendThread
SSDT    888E58C8                                                                                                                             ZwTerminateProcess
SSDT    888E19B8                                                                                                                             ZwTerminateThread
SSDT    888E1C68                                                                                                                             ZwUnmapViewOfSection
SSDT    888E1F38                                                                                                                             ZwWriteVirtualMemory
SSDT    88924970                                                                                                                             ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!KeSetEvent + 11D                                                                                                        82CB16E8 8 Bytes  [38, 16, 8E, 88, 18, 17, 8E, ...]
.text   ntkrnlpa.exe!KeSetEvent + 131                                                                                                        82CB16FC 4 Bytes  [60, 53, 8E, 88]
.text   ntkrnlpa.exe!KeSetEvent + 13D                                                                                                        82CB1708 4 Bytes  [F8, 1A, 7F, 88] {CLC ; SBB BH, [EDI-0x78]}
.text   ntkrnlpa.exe!KeSetEvent + 191                                                                                                        82CB175C 4 Bytes  [60, 4B, 92, 88]
.text   ntkrnlpa.exe!KeSetEvent + 1F5                                                                                                        82CB17C0 4 Bytes  [88, 13, 8E, 88]
.text   ...                                                                                                                                  
.reloc  C:\Windows\system32\drivers\acedrv11.sys                                                                                             section is executable [0xBCAB6600, 0x25B0C, 0xE0000060]
.text   C:\Windows\system32\drivers\hardlock.sys                                                                                             section is writeable [0xBCADD400, 0x6CBD0, 0xE8000020]
.init   C:\Windows\system32\drivers\hardlock.sys                                                                                             entry point in ".init" section [0xBCB61424]
.init   C:\Windows\system32\drivers\hardlock.sys                                                                                             unknown last code section [0xBCB61200, 0xEC00, 0xE20000E0]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ntdll.dll!NtTerminateThread                                                77445374 5 Bytes  JMP 0017004C 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!OpenSCManagerA + 125                                          75FC2EB8 7 Bytes  JMP 00190768 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!CloseServiceHandle + AA                                       75FC834F 7 Bytes  JMP 00190210 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                   75FE9EAF 7 Bytes  JMP 001905A0 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!CreateServiceW + FF                                           75FE9FB3 7 Bytes  JMP 0019012C 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!ControlService + C1                                           75FEA079 7 Bytes  JMP 0019084C 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                76026629 7 Bytes  JMP 001903D8 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!ControlServiceExA + 10E                                       7602673C 7 Bytes  JMP 00190048 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!SetServiceObjectSecurity + FB                                 76026DD4 7 Bytes  JMP 00190684 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                    76026F7C 7 Bytes  JMP 001904BC 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!ChangeServiceConfig2W + BB                                    7602729C 2 Bytes  JMP 001902F4 
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] ADVAPI32.dll!ChangeServiceConfig2W + BE                                    7602729F 4 Bytes  [16, 8A, EB, F9] {PUSH SS; MOV CH, BL; STC }
.text   C:\Program Files\Common Files\LightScribe\LSSrvc.exe[368] USER32.dll!RecordShutdownReason + 36A                                      763AB7BE 7 Bytes  JMP 00190930 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ntdll.dll!NtTerminateThread                                 77445374 5 Bytes  JMP 0015004C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!OpenSCManagerA + 125                           75FC2EB8 7 Bytes  JMP 00270768 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!CloseServiceHandle + AA                        75FC834F 7 Bytes  JMP 00270210 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!AreAllAccessesGranted + 3FD                    75FE9EAF 7 Bytes  JMP 002705A0 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!CreateServiceW + FF                            75FE9FB3 7 Bytes  JMP 0027012C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!ControlService + C1                            75FEA079 7 Bytes  JMP 0027084C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                 76026629 7 Bytes  JMP 002703D8 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!ControlServiceExA + 10E                        7602673C 7 Bytes  JMP 00270048 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!SetServiceObjectSecurity + FB                  76026DD4 7 Bytes  JMP 00270684 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!ChangeServiceConfigA + 1A3                     76026F7C 7 Bytes  JMP 002704BC 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!ChangeServiceConfig2W + BB                     7602729C 2 Bytes  JMP 002702F4 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] ADVAPI32.dll!ChangeServiceConfig2W + BE                     7602729F 4 Bytes  [24, 8A, EB, F9] {AND AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[472] USER32.dll!RecordShutdownReason + 36A                       763AB7BE 7 Bytes  JMP 00270930 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ntdll.dll!NtTerminateThread                                        77445374 5 Bytes  JMP 0015004C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!OpenSCManagerA + 125                                  75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!CloseServiceHandle + AA                               75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!AreAllAccessesGranted + 3FD                           75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!CreateServiceW + FF                                   75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!ControlService + C1                                   75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                        76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!ControlServiceExA + 10E                               7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!SetServiceObjectSecurity + FB                         76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!ChangeServiceConfigA + 1A3                            76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!ChangeServiceConfig2W + BB                            7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] ADVAPI32.dll!ChangeServiceConfig2W + BE                            7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[840] USER32.dll!RecordShutdownReason + 36A                              763AB7BE 7 Bytes  JMP 00170AF4 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ntdll.dll!NtTerminateThread                                     77445374 5 Bytes  JMP 0002004C 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!OpenSCManagerA + 125                               75FC2EB8 7 Bytes  JMP 00060768 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!CloseServiceHandle + AA                            75FC834F 7 Bytes  JMP 00060210 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!AreAllAccessesGranted + 3FD                        75FE9EAF 7 Bytes  JMP 000605A0 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!CreateServiceW + FF                                75FE9FB3 7 Bytes  JMP 0006012C 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!ControlService + C1                                75FEA079 7 Bytes  JMP 0006084C 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                     76026629 7 Bytes  JMP 000603D8 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!ControlServiceExA + 10E                            7602673C 7 Bytes  JMP 00060048 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!SetServiceObjectSecurity + FB                      76026DD4 7 Bytes  JMP 00060684 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!ChangeServiceConfigA + 1A3                         76026F7C 7 Bytes  JMP 000604BC 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!ChangeServiceConfig2W + BB                         7602729C 2 Bytes  JMP 000602F4 
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] ADVAPI32.dll!ChangeServiceConfig2W + BE                         7602729F 4 Bytes  [03, 8A, EB, F9]
.text   C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[848] USER32.dll!RecordShutdownReason + 36A                           763AB7BE 7 Bytes  JMP 00060930 
.text   C:\Windows\System32\hkcmd.exe[1112] ntdll.dll!NtTerminateThread                                                                      77445374 5 Bytes  JMP 0016004C 
.text   C:\Windows\System32\hkcmd.exe[1112] USER32.dll!RecordShutdownReason + 36A                                                            763AB7BE 7 Bytes  JMP 00280930 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!OpenSCManagerA + 125                                                                75FC2EB8 7 Bytes  JMP 00280768 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!CloseServiceHandle + AA                                                             75FC834F 7 Bytes  JMP 00280210 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                         75FE9EAF 7 Bytes  JMP 002805A0 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!CreateServiceW + FF                                                                 75FE9FB3 7 Bytes  JMP 0028012C 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!ControlService + C1                                                                 75FEA079 7 Bytes  JMP 0028084C 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                      76026629 7 Bytes  JMP 002803D8 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!ControlServiceExA + 10E                                                             7602673C 7 Bytes  JMP 00280048 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                       76026DD4 7 Bytes  JMP 00280684 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                          76026F7C 7 Bytes  JMP 002804BC 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                          7602729C 2 Bytes  JMP 002802F4 
.text   C:\Windows\System32\hkcmd.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                          7602729F 4 Bytes  [25, 8A, EB, F9]
.text   C:\Windows\System32\igfxpers.exe[1192] ntdll.dll!NtTerminateThread                                                                   77445374 5 Bytes  JMP 0016004C 
.text   C:\Windows\System32\igfxpers.exe[1192] USER32.dll!RecordShutdownReason + 36A                                                         763AB7BE 7 Bytes  JMP 00180930 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!OpenSCManagerA + 125                                                             75FC2EB8 7 Bytes  JMP 00180768 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!CloseServiceHandle + AA                                                          75FC834F 7 Bytes  JMP 00180210 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                      75FE9EAF 7 Bytes  JMP 001805A0 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!CreateServiceW + FF                                                              75FE9FB3 7 Bytes  JMP 0018012C 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!ControlService + C1                                                              75FEA079 7 Bytes  JMP 0018084C 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                   76026629 7 Bytes  JMP 001803D8 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!ControlServiceExA + 10E                                                          7602673C 7 Bytes  JMP 00180048 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                    76026DD4 7 Bytes  JMP 00180684 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                       76026F7C 7 Bytes  JMP 001804BC 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                       7602729C 2 Bytes  JMP 001802F4 
.text   C:\Windows\System32\igfxpers.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                       7602729F 4 Bytes  [15, 8A, EB, F9]
.text   C:\Program Files\SMINST\BLService.exe[1328] ntdll.dll!NtTerminateThread                                                              77445374 5 Bytes  JMP 0016004C 
.text   C:\Program Files\SMINST\BLService.exe[1328] USER32.dll!RecordShutdownReason + 36A                                                    763AB7BE 7 Bytes  JMP 00280930 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!OpenSCManagerA + 125                                                        75FC2EB8 7 Bytes  JMP 00280768 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!CloseServiceHandle + AA                                                     75FC834F 7 Bytes  JMP 00280210 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                 75FE9EAF 7 Bytes  JMP 002805A0 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!CreateServiceW + FF                                                         75FE9FB3 7 Bytes  JMP 0028012C 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!ControlService + C1                                                         75FEA079 7 Bytes  JMP 0028084C 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                              76026629 7 Bytes  JMP 002803D8 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!ControlServiceExA + 10E                                                     7602673C 7 Bytes  JMP 00280048 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity + FB                                               76026DD4 7 Bytes  JMP 00280684 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                  76026F7C 7 Bytes  JMP 002804BC 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                  7602729C 2 Bytes  JMP 002802F4 
.text   C:\Program Files\SMINST\BLService.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                  7602729F 4 Bytes  [25, 8A, EB, F9]
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ntdll.dll!NtTerminateThread                         77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] USER32.dll!RecordShutdownReason + 36A               763AB7BE 7 Bytes  JMP 00270930 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!OpenSCManagerA + 125                   75FC2EB8 7 Bytes  JMP 00270768 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!CloseServiceHandle + AA                75FC834F 7 Bytes  JMP 00270210 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!AreAllAccessesGranted + 3FD            75FE9EAF 7 Bytes  JMP 002705A0 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!CreateServiceW + FF                    75FE9FB3 7 Bytes  JMP 0027012C 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!ControlService + C1                    75FEA079 7 Bytes  JMP 0027084C 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F         76026629 7 Bytes  JMP 002703D8 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!ControlServiceExA + 10E                7602673C 7 Bytes  JMP 00270048 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity + FB          76026DD4 7 Bytes  JMP 00270684 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!ChangeServiceConfigA + 1A3             76026F7C 7 Bytes  JMP 002704BC 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W + BB             7602729C 2 Bytes  JMP 002702F4 
.text   C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W + BE             7602729F 4 Bytes  [24, 8A, EB, F9] {AND AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ntdll.dll!NtTerminateThread                       77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!OpenSCManagerA + 125                 75FC2EB8 7 Bytes  JMP 00260768 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!CloseServiceHandle + AA              75FC834F 7 Bytes  JMP 00260210 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!AreAllAccessesGranted + 3FD          75FE9EAF 7 Bytes  JMP 002605A0 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!CreateServiceW + FF                  75FE9FB3 7 Bytes  JMP 0026012C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!ControlService + C1                  75FEA079 7 Bytes  JMP 0026084C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F       76026629 7 Bytes  JMP 002603D8 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!ControlServiceExA + 10E              7602673C 7 Bytes  JMP 00260048 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity + FB        76026DD4 7 Bytes  JMP 00260684 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!ChangeServiceConfigA + 1A3           76026F7C 7 Bytes  JMP 002604BC 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W + BB           7602729C 2 Bytes  JMP 002602F4 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W + BE           7602729F 4 Bytes  [23, 8A, EB, F9]
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1832] USER32.dll!RecordShutdownReason + 36A             763AB7BE 7 Bytes  JMP 00260930 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ntdll.dll!NtTerminateThread                                              77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] USER32.dll!RecordShutdownReason + 36A                                    763AB7BE 7 Bytes  JMP 00070930 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!OpenSCManagerA + 125                                        75FC2EB8 7 Bytes  JMP 00070768 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!CloseServiceHandle + AA                                     75FC834F 7 Bytes  JMP 00070210 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                 75FE9EAF 7 Bytes  JMP 000705A0 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!CreateServiceW + FF                                         75FE9FB3 7 Bytes  JMP 0007012C 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!ControlService + C1                                         75FEA079 7 Bytes  JMP 0007084C 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                              76026629 7 Bytes  JMP 000703D8 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!ControlServiceExA + 10E                                     7602673C 7 Bytes  JMP 00070048 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity + FB                               76026DD4 7 Bytes  JMP 00070684 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                  76026F7C 7 Bytes  JMP 000704BC 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W + BB                                  7602729C 2 Bytes  JMP 000702F4 
.text   C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W + BE                                  7602729F 4 Bytes  [04, 8A, EB, F9] {ADD AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ntdll.dll!NtTerminateThread                                             77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!OpenSCManagerA + 125                                       75FC2EB8 7 Bytes  JMP 00160768 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!CloseServiceHandle + AA                                    75FC834F 7 Bytes  JMP 00160210 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75FE9EAF 7 Bytes  JMP 001605A0 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!CreateServiceW + FF                                        75FE9FB3 7 Bytes  JMP 0016012C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!ControlService + C1                                        75FEA079 7 Bytes  JMP 0016084C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                             76026629 7 Bytes  JMP 001603D8 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!ControlServiceExA + 10E                                    7602673C 7 Bytes  JMP 00160048 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity + FB                              76026DD4 7 Bytes  JMP 00160684 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                 76026F7C 7 Bytes  JMP 001604BC 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W + BB                                 7602729C 2 Bytes  JMP 001602F4 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W + BE                                 7602729F 4 Bytes  [13, 8A, EB, F9]
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe[1964] USER32.dll!RecordShutdownReason + 36A                                   763AB7BE 7 Bytes  JMP 00160930 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ntdll.dll!NtTerminateThread                                               77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!OpenSCManagerA + 125                                         75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!CloseServiceHandle + AA                                      75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!CreateServiceW + FF                                          75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!ControlService + C1                                          75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                               76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!ControlServiceExA + 10E                                      7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!SetServiceObjectSecurity + FB                                76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                   76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!ChangeServiceConfig2W + BB                                   7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2184] ADVAPI32.dll!ChangeServiceConfig2W + BE                                   7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ntdll.dll!NtTerminateThread                                               77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] USER32.dll!RecordShutdownReason + 36A                                     763AB7BE 7 Bytes  JMP 00170930 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!OpenSCManagerA + 125                                         75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!CloseServiceHandle + AA                                      75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!CreateServiceW + FF                                          75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!ControlService + C1                                          75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                               76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!ControlServiceExA + 10E                                      7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity + FB                                76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                   76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W + BB                                   7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W + BE                                   7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ntdll.dll!NtTerminateThread                                            77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!OpenSCManagerA + 125                                      75FC2EB8 7 Bytes  JMP 00260768 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!CloseServiceHandle + AA                                   75FC834F 7 Bytes  JMP 00260210 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!AreAllAccessesGranted + 3FD                               75FE9EAF 7 Bytes  JMP 002605A0 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!CreateServiceW + FF                                       75FE9FB3 7 Bytes  JMP 0026012C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!ControlService + C1                                       75FEA079 7 Bytes  JMP 0026084C 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                            76026629 7 Bytes  JMP 002603D8 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!ControlServiceExA + 10E                                   7602673C 7 Bytes  JMP 00260048 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity + FB                             76026DD4 7 Bytes  JMP 00260684 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                76026F7C 7 Bytes  JMP 002604BC 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W + BB                                7602729C 2 Bytes  JMP 002602F4 
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W + BE                                7602729F 4 Bytes  [23, 8A, EB, F9]
.text   C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe[2840] USER32.dll!RecordShutdownReason + 36A                                  763AB7BE 7 Bytes  JMP 00260930 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ntdll.dll!NtTerminateThread                              77445374 5 Bytes  JMP 0017004C 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] USER32.dll!RecordShutdownReason + 36A                    763AB7BE 7 Bytes  JMP 00190930 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!OpenSCManagerA + 125                        75FC2EB8 7 Bytes  JMP 00190768 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!CloseServiceHandle + AA                     75FC834F 7 Bytes  JMP 00190210 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!AreAllAccessesGranted + 3FD                 75FE9EAF 7 Bytes  JMP 001905A0 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!CreateServiceW + FF                         75FE9FB3 7 Bytes  JMP 0019012C 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!ControlService + C1                         75FEA079 7 Bytes  JMP 0019084C 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F              76026629 7 Bytes  JMP 001903D8 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!ControlServiceExA + 10E                     7602673C 7 Bytes  JMP 00190048 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity + FB               76026DD4 7 Bytes  JMP 00190684 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!ChangeServiceConfigA + 1A3                  76026F7C 7 Bytes  JMP 001904BC 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W + BB                  7602729C 2 Bytes  JMP 001902F4 
.text   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W + BE                  7602729F 4 Bytes  [16, 8A, EB, F9] {PUSH SS; MOV CH, BL; STC }
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ntdll.dll!NtTerminateThread                                77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!OpenSCManagerA + 125                          75FC2EB8 7 Bytes  JMP 00270768 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!CloseServiceHandle + AA                       75FC834F 7 Bytes  JMP 00270210 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!AreAllAccessesGranted + 3FD                   75FE9EAF 7 Bytes  JMP 002705A0 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!CreateServiceW + FF                           75FE9FB3 7 Bytes  JMP 0027012C 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!ControlService + C1                           75FEA079 7 Bytes  JMP 0027084C 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                76026629 7 Bytes  JMP 002703D8 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!ControlServiceExA + 10E                       7602673C 7 Bytes  JMP 00270048 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity + FB                 76026DD4 7 Bytes  JMP 00270684 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!ChangeServiceConfigA + 1A3                    76026F7C 7 Bytes  JMP 002704BC 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W + BB                    7602729C 2 Bytes  JMP 002702F4 
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W + BE                    7602729F 4 Bytes  [24, 8A, EB, F9] {AND AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3000] USER32.dll!RecordShutdownReason + 36A                      763AB7BE 7 Bytes  JMP 00270930 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ntdll.dll!NtTerminateThread                                         77445374 5 Bytes  JMP 0016004C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] USER32.dll!RecordShutdownReason + 36A                               763AB7BE 7 Bytes  JMP 00180930 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!OpenSCManagerA + 125                                   75FC2EB8 7 Bytes  JMP 00180768 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!CloseServiceHandle + AA                                75FC834F 7 Bytes  JMP 00180210 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!AreAllAccessesGranted + 3FD                            75FE9EAF 7 Bytes  JMP 001805A0 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!CreateServiceW + FF                                    75FE9FB3 7 Bytes  JMP 0018012C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!ControlService + C1                                    75FEA079 7 Bytes  JMP 0018084C 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                         76026629 7 Bytes  JMP 001803D8 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!ControlServiceExA + 10E                                7602673C 7 Bytes  JMP 00180048 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity + FB                          76026DD4 7 Bytes  JMP 00180684 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!ChangeServiceConfigA + 1A3                             76026F7C 7 Bytes  JMP 001804BC 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W + BB                             7602729C 2 Bytes  JMP 001802F4 
.text   C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W + BE                             7602729F 4 Bytes  [15, 8A, EB, F9]
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ntdll.dll!NtTerminateThread                                                       77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!RecordShutdownReason + 36A                                             763AB7BE 7 Bytes  JMP 00070AF4 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!OpenSCManagerA + 125                                                 75FC2EB8 7 Bytes  JMP 00070768 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!CloseServiceHandle + AA                                              75FC834F 7 Bytes  JMP 00070210 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                          75FE9EAF 7 Bytes  JMP 000705A0 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!CreateServiceW + FF                                                  75FE9FB3 7 Bytes  JMP 0007012C 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!ControlService + C1                                                  75FEA079 7 Bytes  JMP 0007084C 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                       76026629 7 Bytes  JMP 000703D8 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!ControlServiceExA + 10E                                              7602673C 7 Bytes  JMP 00070048 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity + FB                                        76026DD4 7 Bytes  JMP 00070684 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                           76026F7C 7 Bytes  JMP 000704BC 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W + BB                                           7602729C 2 Bytes  JMP 000702F4 
.text   C:\Program Files\Ask.com\Updater\Updater.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W + BE                                           7602729F 4 Bytes  [04, 8A, EB, F9] {ADD AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ntdll.dll!NtTerminateThread                                                     77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] USER32.dll!RecordShutdownReason + 36A                                           763AB7BE 7 Bytes  JMP 00160AF4 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!OpenSCManagerA + 125                                               75FC2EB8 7 Bytes  JMP 00160768 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!CloseServiceHandle + AA                                            75FC834F 7 Bytes  JMP 00160210 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                        75FE9EAF 7 Bytes  JMP 001605A0 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!CreateServiceW + FF                                                75FE9FB3 7 Bytes  JMP 0016012C 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!ControlService + C1                                                75FEA079 7 Bytes  JMP 0016084C 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                     76026629 7 Bytes  JMP 001603D8 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!ControlServiceExA + 10E                                            7602673C 7 Bytes  JMP 00160048 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity + FB                                      76026DD4 7 Bytes  JMP 00160684 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                         76026F7C 7 Bytes  JMP 001604BC 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W + BB                                         7602729C 2 Bytes  JMP 001602F4 
.text   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W + BE                                         7602729F 4 Bytes  [13, 8A, EB, F9]
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ntdll.dll!NtTerminateThread                  77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!OpenSCManagerA + 125            75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!CloseServiceHandle + AA         75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!AreAllAccessesGranted + 3FD     75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!CreateServiceW + FF             75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!ControlService + C1             75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F  76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!ControlServiceExA + 10E         7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity + FB   76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!ChangeServiceConfigA + 1A3      76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W + BB      7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W + BE      7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3464] USER32.dll!RecordShutdownReason + 36A        763AB7BE 7 Bytes  JMP 00170930 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ntdll.dll!NtTerminateThread                                                                   77445374 5 Bytes  JMP 0002004C 
.text   C:\Windows\system32\igfxsrvc.exe[3468] USER32.dll!RecordShutdownReason + 36A                                                         763AB7BE 7 Bytes  JMP 00370930 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!OpenSCManagerA + 125                                                             75FC2EB8 7 Bytes  JMP 00370768 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!CloseServiceHandle + AA                                                          75FC834F 7 Bytes  JMP 00370210 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                      75FE9EAF 7 Bytes  JMP 003705A0 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!CreateServiceW + FF                                                              75FE9FB3 7 Bytes  JMP 0037012C 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!ControlService + C1                                                              75FEA079 7 Bytes  JMP 0037084C 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                                   76026629 7 Bytes  JMP 003703D8 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!ControlServiceExA + 10E                                                          7602673C 7 Bytes  JMP 00370048 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity + FB                                                    76026DD4 7 Bytes  JMP 00370684 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                       76026F7C 7 Bytes  JMP 003704BC 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                       7602729C 2 Bytes  JMP 003702F4 
.text   C:\Windows\system32\igfxsrvc.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W + BE                                                       7602729F 4 Bytes  [34, 8A, EB, F9] {XOR AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ntdll.dll!NtTerminateThread                                         77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!OpenSCManagerA + 125                                   75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!CloseServiceHandle + AA                                75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!AreAllAccessesGranted + 3FD                            75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!CreateServiceW + FF                                    75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ControlService + C1                                    75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                         76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ControlServiceExA + 10E                                7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!SetServiceObjectSecurity + FB                          76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfigA + 1A3                             76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W + BB                             7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W + BE                             7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Common Files\Java\Java Update\jusched.exe[3536] USER32.dll!RecordShutdownReason + 36A                               763AB7BE 7 Bytes  JMP 00170AF4 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ntdll.dll!NtTerminateThread                                               77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] USER32.dll!RecordShutdownReason + 36A                                     763AB7BE 7 Bytes  JMP 00370AF4 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!OpenSCManagerA + 125                                         75FC2EB8 7 Bytes  JMP 00370768 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!CloseServiceHandle + AA                                      75FC834F 7 Bytes  JMP 00370210 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                  75FE9EAF 7 Bytes  JMP 003705A0 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!CreateServiceW + FF                                          75FE9FB3 7 Bytes  JMP 0037012C 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!ControlService + C1                                          75FEA079 7 Bytes  JMP 0037084C 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                               76026629 7 Bytes  JMP 003703D8 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!ControlServiceExA + 10E                                      7602673C 7 Bytes  JMP 00370048 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!SetServiceObjectSecurity + FB                                76026DD4 7 Bytes  JMP 00370684 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                   76026F7C 7 Bytes  JMP 003704BC 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W + BB                                   7602729C 2 Bytes  JMP 003702F4 
.text   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W + BE                                   7602729F 4 Bytes  [34, 8A, EB, F9] {XOR AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ntdll.dll!NtTerminateThread                               77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] USER32.dll!RecordShutdownReason + 36A                     763AB7BE 7 Bytes  JMP 00170930 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!OpenSCManagerA + 125                         75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!CloseServiceHandle + AA                      75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!AreAllAccessesGranted + 3FD                  75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!CreateServiceW + FF                          75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!ControlService + C1                          75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F               76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!ControlServiceExA + 10E                      7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!SetServiceObjectSecurity + FB                76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!ChangeServiceConfigA + 1A3                   76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!ChangeServiceConfig2W + BB                   7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3544] ADVAPI32.dll!ChangeServiceConfig2W + BE                   7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ntdll.dll!NtTerminateThread                                                  77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] USER32.dll!RecordShutdownReason + 36A                                        763AB7BE 7 Bytes  JMP 00270930 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!OpenSCManagerA + 125                                            75FC2EB8 7 Bytes  JMP 00270768 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!CloseServiceHandle + AA                                         75FC834F 7 Bytes  JMP 00270210 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                     75FE9EAF 7 Bytes  JMP 002705A0 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!CreateServiceW + FF                                             75FE9FB3 7 Bytes  JMP 0027012C 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!ControlService + C1                                             75FEA079 7 Bytes  JMP 0027084C 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                  76026629 7 Bytes  JMP 002703D8 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!ControlServiceExA + 10E                                         7602673C 7 Bytes  JMP 00270048 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!SetServiceObjectSecurity + FB                                   76026DD4 7 Bytes  JMP 00270684 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                      76026F7C 7 Bytes  JMP 002704BC 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BB                                      7602729C 2 Bytes  JMP 002702F4 
.text   C:\Program Files\Personal Backup 5\Persbackup.exe[4020] ADVAPI32.dll!ChangeServiceConfig2W + BE                                      7602729F 4 Bytes  [24, 8A, EB, F9] {AND AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ntdll.dll!NtTerminateThread                                                             77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] USER32.dll!RecordShutdownReason + 36A                                                   763AB7BE 7 Bytes  JMP 00070048 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!OpenSCManagerA + 125                                                       75FC2EB8 7 Bytes  JMP 0007084A 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!CloseServiceHandle + AA                                                    75FC834F 7 Bytes  JMP 000702F2 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                                75FE9EAF 7 Bytes  JMP 00070682 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!CreateServiceW + FF                                                        75FE9FB3 7 Bytes  JMP 0007020E 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!ControlService + C1                                                        75FEA079 7 Bytes  JMP 0007092E 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                             76026629 7 Bytes  JMP 000704BA 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!ControlServiceExA + 10E                                                    7602673C 7 Bytes  JMP 0007012A 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!SetServiceObjectSecurity + FB                                              76026DD4 7 Bytes  JMP 00070766 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                                 76026F7C 7 Bytes  JMP 0007059E 
.text   C:\Program Files\Skype\Phone\Skype.exe[4064] ADVAPI32.dll!ChangeServiceConfig2W + BB                                                 7602729C 7 Bytes  JMP 000703D6 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ntdll.dll!NtTerminateThread                            77445374 5 Bytes  JMP 0002004C 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] USER32.dll!RecordShutdownReason + 36A                  763AB7BE 7 Bytes  JMP 00070930 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!OpenSCManagerA + 125                      75FC2EB8 7 Bytes  JMP 00070768 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!CloseServiceHandle + AA                   75FC834F 7 Bytes  JMP 00070210 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!AreAllAccessesGranted + 3FD               75FE9EAF 7 Bytes  JMP 000705A0 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!CreateServiceW + FF                       75FE9FB3 7 Bytes  JMP 0007012C 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!ControlService + C1                       75FEA079 7 Bytes  JMP 0007084C 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F            76026629 7 Bytes  JMP 000703D8 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!ControlServiceExA + 10E                   7602673C 7 Bytes  JMP 00070048 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!SetServiceObjectSecurity + FB             76026DD4 7 Bytes  JMP 00070684 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!ChangeServiceConfigA + 1A3                76026F7C 7 Bytes  JMP 000704BC 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!ChangeServiceConfig2W + BB                7602729C 2 Bytes  JMP 000702F4 
.text   C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe[4312] ADVAPI32.dll!ChangeServiceConfig2W + BE                7602729F 4 Bytes  [04, 8A, EB, F9] {ADD AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ntdll.dll!NtTerminateThread                                 77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!OpenSCManagerA + 125                           75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!CloseServiceHandle + AA                        75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!AreAllAccessesGranted + 3FD                    75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!CreateServiceW + FF                            75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!ControlService + C1                            75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                 76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!ControlServiceExA + 10E                        7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!SetServiceObjectSecurity + FB                  76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!ChangeServiceConfigA + 1A3                     76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!ChangeServiceConfig2W + BB                     7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] ADVAPI32.dll!ChangeServiceConfig2W + BE                     7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[4384] USER32.dll!RecordShutdownReason + 36A                       763AB7BE 7 Bytes  JMP 00170930 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ntdll.dll!NtTerminateThread                                             77445374 5 Bytes  JMP 0002004C 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] USER32.dll!RecordShutdownReason + 36A                                   763AB7BE 7 Bytes  JMP 00170930 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!OpenSCManagerA + 125                                       75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!CloseServiceHandle + AA                                    75FC834F 7 Bytes  JMP 00170210 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!CreateServiceW + FF                                        75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!ControlService + C1                                        75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                             76026629 7 Bytes  JMP 001703D8 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!ControlServiceExA + 10E                                    7602673C 7 Bytes  JMP 00170048 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!SetServiceObjectSecurity + FB                              76026DD4 7 Bytes  JMP 00170684 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                 76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!ChangeServiceConfig2W + BB                                 7602729C 2 Bytes  JMP 001702F4 
.text   C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[4588] ADVAPI32.dll!ChangeServiceConfig2W + BE                                 7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ntdll.dll!NtTerminateThread                                                        77445374 5 Bytes  JMP 0002004C 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!OpenSCManagerA + 125                                                  75FC2EB8 7 Bytes  JMP 00170768 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!CloseServiceHandle + AA                                               75FC834F 7 Bytes  JMP 00170210 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!AreAllAccessesGranted + 3FD                                           75FE9EAF 7 Bytes  JMP 001705A0 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!CreateServiceW + FF                                                   75FE9FB3 7 Bytes  JMP 0017012C 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!ControlService + C1                                                   75FEA079 7 Bytes  JMP 0017084C 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F                                        76026629 7 Bytes  JMP 001703D8 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!ControlServiceExA + 10E                                               7602673C 7 Bytes  JMP 00170048 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!SetServiceObjectSecurity + FB                                         76026DD4 7 Bytes  JMP 00170684 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!ChangeServiceConfigA + 1A3                                            76026F7C 7 Bytes  JMP 001704BC 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!ChangeServiceConfig2W + BB                                            7602729C 2 Bytes  JMP 001702F4 
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] ADVAPI32.dll!ChangeServiceConfig2W + BE                                            7602729F 4 Bytes  [14, 8A, EB, F9] {ADC AL, 0x8a; JMP 0xfffffffd}
.text   C:\Users\***\Desktop\gmer_2.1.19163.exe[5236] USER32.dll!RecordShutdownReason + 36A                                              763AB7BE 7 Bytes  JMP 00170930 

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---
Ich danke schon mal wieder im Voraus, für die ganze Arbeit die sich jemand macht um, mein Problem zu lösen.... viele Grüße,

G.Vadda

Habe gerade eine "Dateiausführungsverhinderung" gehabt:

mein WIN schreibt mir dazu:
Die Datenausführungsverhinderung (Data Execution Prevention, DEP) ist ein Sicherheitsfeature, das den Computer vor Schäden durch Viren und andere Sicherheitsbedrohungen schützen kann. Gefährliche Programme können Windows angreifen und dabei versuchen, Code in Systemspeicherbereichen auszuführen, der für Windows und andere autorisierte Programme reserviert ist. Derartige Angriffe können Programme und Dateien beschädigen.

Die Datenausführungsverhinderung kann zum Schutz des Computers beitragen, indem die Programme überwacht werden. Auf diese Weise wird sichergestellt, dass der Systemspeicher von den betreffenden Programmen gefahrlos verwendet werden kann. Falls von der Datenausführungsverhinderung festgestellt wird, dass ein Programm auf dem Computer in unzulässiger Weise auf den Speicher zugreift, wird das Programm geschlossen, und Sie werden benachrichtigt.

Es wurde ein Symantec Produkt geschlossen.... ich habe eine derartige Aktion bisher noch nicht am PC gehabt. Scheint also in Zusammenhang mit meinem "Befall" zu stehen - vielleicht ja auch nicht, aber ich soll ja alles schreiben was mir auffällig erscheint....
__________________

Alt 27.06.2013, 11:09   #4
aharonov
/// TB-Ausbilder
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hi,

was das mit der Datenausführungsverhinderung auf sich hat, kann ich im Moment noch nicht sagen. Aber ist immer gut, solche Auffälligkeiten zu melden.
Schauen wir mal weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Log von OTL
__________________
cheers,
Leo

Alt 27.06.2013, 18:22   #5
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo Leo,

jetzt hab ich alles zusammen: muss 140 Zeichn löscehn, dass ich posten kann - setz ich gleich dansch ein sind die ersten Zeichen aus Log Adwcleaner:

Code:
ATTFilter
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Program Files\Winload
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Admin\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Ordner Gelöscht : C:\Users\***\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\ConduitCommon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\CT2319825
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\DTToolbar@toolbarnet.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Viewpoint
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27879A6A-F246-4B94-9B94-0903E0CF55A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A1E830F-61B7-4926-9C78-A318AD43B3EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9300796-4985-4EF1-8985-E8D11120E714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\Software\OpenCandy
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\Software\Winload
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2319825..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2319825.AppTrackingLastCheckTime", "Wed Mar 30 2011 13:53:07 GMT+0200");
Gelöscht : user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true);
Gelöscht : user_pref("CT2319825.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0");
Gelöscht : user_pref("CT2319825.CurrentServerDate", "28-12-2012");
Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Fri Dec 28 2012 13:27:02 GMT+0100");
Gelöscht : user_pref("CT2319825.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Wed Jun 13 2012 16:48:29 GMT+0200");
Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Wed Jun 13 2012 16:43:32 GMT+0200");
Gelöscht : user_pref("CT2319825.FirstServerDate", "28-1-2011");
Gelöscht : user_pref("CT2319825.FirstTime", true);
Gelöscht : user_pref("CT2319825.FirstTimeFF3", true);
Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2319825.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2319825.GroupingLastCheckTime", "0");
Gelöscht : user_pref("CT2319825.GroupingLastServerUpdateTime", "0");
Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2319825.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2319825.Initialize", true);
Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2319825.InstalledDate", "Fri Jan 28 2011 11:21:49 GMT+0100");
Gelöscht : user_pref("CT2319825.InvalidateCache", false);
Gelöscht : user_pref("CT2319825.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2319825.IsGrouping", false);
Gelöscht : user_pref("CT2319825.IsMulticommunity", false);
Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Dec 28 2012 13:27:01 GMT+0100");
Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Mar 30 2011 10:04:33 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.13.0.6", "Mon Jul 23 2012 19:40:31 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.14.1.0", "Tue Oct 16 2012 22:41:45 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.15.1.0", "Tue Dec 18 2012 00:44:47 GMT+0100");
Gelöscht : user_pref("CT2319825.LastLogin_3.16.0.3", "Fri Dec 28 2012 13:27:00 GMT+0100");
Gelöscht : user_pref("CT2319825.LastLogin_3.3.3.2", "Thu Sep 22 2011 14:13:31 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Jun 13 2012 16:43:21 GMT+0200");
Gelöscht : user_pref("CT2319825.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2319825.Locale", "de");
Gelöscht : user_pref("CT2319825.LoginCache", 4);
Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2319825.RadioIsPodcast", false);
Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Wed Jun 13 2012 16:52:33 GMT+0200");
Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "0");
Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532");
Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gelöscht : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2319825.RadioStationName", "1Live");
Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gelöscht : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2319825.SearchEngineBeforeUnload", "Search the web (Babylon)");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Dec 28 2012 13:26:59 GMT+0100");
Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2319825.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2319825.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Fri Dec 28 2012 13:26:56 GMT+0100");
Gelöscht : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Fri Dec 28 2012 13:26:58 GMT+0100");
Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1356544299");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Dec 18 2012 00:44:46 GMT+0100");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2319825.UserID", "UN17688443275430016");
Gelöscht : user_pref("CT2319825.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2319825.WeatherNetwork", "");
Gelöscht : user_pref("CT2319825.WeatherPollDate", "Wed Jun 13 2012 16:43:18 GMT+0200");
Gelöscht : user_pref("CT2319825.WeatherUnit", "C");
Gelöscht : user_pref("CT2319825.alertChannelId", "715912");
Gelöscht : user_pref("CT2319825.backendstorage.id", "33333538383638");
Gelöscht : user_pref("CT2319825.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2319825.components.1000034", false);
Gelöscht : user_pref("CT2319825.components.1000082", false);
Gelöscht : user_pref("CT2319825.components.1000234", false);
Gelöscht : user_pref("CT2319825.components.128903248917881403", false);
Gelöscht : user_pref("CT2319825.components.129136390572498374", false);
Gelöscht : user_pref("CT2319825.components.129264494738128351", false);
Gelöscht : user_pref("CT2319825.components.129264512281565287", false);
Gelöscht : user_pref("CT2319825.components.129277509933662715", false);
Gelöscht : user_pref("CT2319825.components.129309281463312841", false);
Gelöscht : user_pref("CT2319825.components.129769053852558608", false);
Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Fri Dec 28 2012 13:27:04 GMT+0100");
Gelöscht : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2319825.initDone", true);
Gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2319825.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2319825.myStuffEnabled", true);
Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,12976905385255[...]
Gelöscht : user_pref("CT2319825.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2319825.testingCtid", "");
Gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Fri Dec 28 2012 13:27:02 GMT+0100");
Gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Dec 18 2012 00:44:49 GMT+0100");
Gelöscht : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2319825.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"559[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mozilla\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.imesh.com/webResults.html?[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 30 2011 13:52:37 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed May 25 2011 17:24:37 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Sep 22 2011 14:13:26 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "e7852db8-b6ca-4a90-b56d-4215fa08a30a");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 13 2012 16:43:17 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "79f9a47a-90b2-4689-a8e8-63ba1acf3e17");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 28 2012 13:27:1[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 28 2012 13:27:17 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 28 2012 13:27:07 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "ade6516d-004f-483d-88d1-ebfb6330da29");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.imesh.com/webResults.html?s[...]
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "IT");
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "37A5A89AF9D971048D26F056EEE6F07A");
Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "26");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 26);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "20.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 105517570);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Gelöscht : user_pref("extensions.MP3RV6.previous-keyword-url", "\"hxxp://search.imesh.com/webResults.html?src=f[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/Babylon");

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fh46v78e.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2528] : urls_to_restore_on_startup = [ "hxxp://www.search.ask.com/?l=dis&o=APN10719cr&gct=hp&apn_ptnr[...]

*************************

AdwCleaner[S1].txt - [37524 octets] - [27/06/2013 13:53:33]

########## EOF - C:\AdwCleaner[S1].txt - [37585 octets] ##########
         

Log Combofix:
Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-27.01 - *** 27.06.2013  14:14:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3002.1819 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Roaming\Fedaaf
c:\users\***\AppData\Roaming\Fedaaf\daapav.hoy
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\SP-1000.jpg
c:\users\***\AppData\Roaming\Piyndy
c:\users\***\AppData\Roaming\Piyndy\wouban.keo
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-27 bis 2013-06-27  ))))))))))))))))))))))))))))))
.
.
2013-06-27 12:32 . 2013-06-27 12:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-27 12:32 . 2013-06-27 12:32	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-06-26 09:49 . 2013-06-26 09:49	103680	----a-w-	C:\pwdiyfob.sys
2013-06-25 11:52 . 2013-06-25 11:53	--------	d-----w-	c:\users\***\AppData\Roaming\Avqo
2013-06-25 11:47 . 2013-06-25 11:48	--------	d-----w-	c:\users\***\AppData\Roaming\Obypy
2013-06-25 11:47 . 2013-06-25 11:47	--------	d-----w-	c:\users\***\AppData\Roaming\Vak
2013-06-25 11:43 . 2013-06-25 11:47	--------	d-----w-	c:\users\***\AppData\Roaming\Puuswi
2013-06-25 11:43 . 2013-06-25 11:43	--------	d-----w-	c:\users\***\AppData\Roaming\Muyci
2013-06-25 11:43 . 2013-06-25 11:43	--------	d-----w-	c:\users\***\AppData\Roaming\Yka
2013-06-19 10:01 . 2013-06-12 19:48	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 20:28 . 2013-05-08 04:37	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 20:28 . 2013-05-02 04:04	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 20:28 . 2013-05-02 04:03	37376	----a-w-	c:\windows\system32\printcom.dll
2013-06-12 20:28 . 2013-04-24 04:00	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 20:28 . 2013-04-24 04:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 20:28 . 2013-04-24 01:46	812544	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 20:28 . 2013-04-24 04:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 20:28 . 2013-04-24 04:00	41984	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 20:27 . 2013-05-02 22:03	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 20:27 . 2013-05-02 22:03	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 20:27 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-10 09:17 . 2013-06-19 08:49	--------	d-----w-	c:\windows\system32\drivers\NIS\1404000.028
2013-06-06 13:10 . 2013-06-06 13:10	--------	d-----w-	c:\windows\Options
2013-06-06 13:09 . 2010-09-20 15:19	86016	----a-w-	c:\windows\system32\wgapiloc.dll
2013-06-06 13:09 . 2010-09-20 15:19	94208	----a-w-	c:\windows\system32\athcfg11resloc.dll
2013-06-06 13:09 . 2010-09-20 15:12	426075	----a-w-	c:\windows\system32\wgapi.dll
2013-06-06 13:09 . 2010-09-20 15:12	335964	----a-w-	c:\windows\system32\wcapiU.dll
2013-06-06 13:09 . 2010-09-20 15:10	413765	----a-w-	c:\windows\system32\wcapi.dll
2013-06-06 13:09 . 2010-09-20 15:13	311391	----a-w-	c:\windows\system32\athcfg20U.dll
2013-06-06 13:09 . 2010-09-20 15:13	127080	----a-w-	c:\windows\system32\athcfg20resU.dll
2013-06-06 13:09 . 2010-09-20 15:09	299080	----a-w-	c:\windows\system32\athcfg20.dll
2013-06-06 13:09 . 2010-09-20 15:09	127054	----a-w-	c:\windows\system32\athcfg20res.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-29 19:01 . 2013-05-29 19:01	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-29 19:00 . 2013-05-29 19:01	--------	d-----w-	c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 08:09 . 2009-03-02 20:24	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-12 19:48 . 2013-04-26 06:12	867240	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-12 19:48 . 2010-04-19 06:25	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-12 07:39 . 2012-07-27 05:33	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 07:39 . 2011-05-13 13:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-28 17:08 . 2013-04-28 17:07	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-04-15 14:20 . 2013-05-15 07:00	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 07:00	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 06:59	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 06:57 . 2013-04-24 08:52	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 01:01	1467528	----a-w-	c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9}]
2011-09-09 11:38	50256	----a-w-	c:\program files\billigerde\Internet Explorer\billigerde.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2011-03-11 12:00	973584	----a-w-	c:\program files\Sage\Sage Online-Backup Client\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoReadonly]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2C}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2C}]
2011-03-11 12:00	973584	----a-w-	c:\program files\Sage\Sage Online-Backup Client\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2011-03-11 12:00	973584	----a-w-	c:\program files\Sage\Sage Online-Backup Client\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2011-03-11 12:00	973584	----a-w-	c:\program files\Sage\Sage Online-Backup Client\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2011-03-11 12:00	973584	----a-w-	c:\program files\Sage\Sage Online-Backup Client\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe /auto [2011-12-15 4174848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage Online-Backup Client.lnk]
backup=c:\windows\pss\Sage Online-Backup Client.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sage Online-Backup Client.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 00:08	483328	----a-w-	c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 05:29	67752	----a-w-	c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17	207424	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 15:14	202032	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-23 16:21	468264	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-12-05 12:22	247768	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55	222504	------w-	c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11	210216	------w-	c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-06 19:42	210216	------w-	c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21	648072	----a-w-	c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 06:35	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 07:39]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 14:02]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 14:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: posbote.de\tagwerk-design
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.ftp - 219.234.82.84
FF - prefs.js: network.proxy.ftp_port - 33948
FF - prefs.js: network.proxy.http - 219.234.82.84
FF - prefs.js: network.proxy.http_port - 33948
FF - prefs.js: network.proxy.ssl - 219.234.82.84
FF - prefs.js: network.proxy.ssl_port - 33948
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: !HIDDEN! 2009-07-16 02:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
BHO-{4D503352-5636-006A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll
Toolbar-{4D503352-5636-006A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-27 14:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\***\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-27  14:40:51
ComboFix-quarantined-files.txt  2013-06-27 12:40
.
Vor Suchlauf: 16 Verzeichnis(se), 32.912.486.400 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 33.792.778.240 Bytes frei
.
- - End Of File - - FA33D129CC3D0BA1B5EA5D55C300AD5D
         
--- --- --- 588AE8F0C685C02BA11F30D9CD7E61A0
und schließlich Log von OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.06.2013 15:02:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,75% Memory free
6,06 Gb Paging File | 4,58 Gb Available in Paging File | 75,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 31,53 Gb Free Space | 14,18% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE
PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll
MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll
MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll
MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll
MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll
MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com)
SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130626.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130626.022\NAVENG.SYS -- (NAVENG)
DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS)
DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130626.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.ftp: "219.234.82.84"
FF - prefs.js..network.proxy.ftp_port: 33948
FF - prefs.js..network.proxy.http: "219.234.82.84"
FF - prefs.js..network.proxy.http_port: 33948
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "219.234.82.84"
FF - prefs.js..network.proxy.ssl_port: 33948
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.27 13:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
 
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.27 13:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions
[2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung
[2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi
[2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi
[2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi
[2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml
[2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml
[2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\
 
O1 HOSTS File: ([2013.06.27 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: posbote.de ([tagwerk-design] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.27 14:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.27 14:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.27 14:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.27 14:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.27 14:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.27 14:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.27 14:05:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.27 13:26:29 | 005,083,698 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.06.26 11:49:42 | 000,103,680 | ---- | C] (GMER) -- C:\pwdiyfob.sys
[2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy
[2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci
[2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll
[2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll
[2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll
[2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll
[2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll
[2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll
[2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll
[2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll
[2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll
[2013.05.29 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.29 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.27 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 14:34:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.27 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.27 13:58:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.27 13:57:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.06.27 13:57:53 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 13:57:53 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 13:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 13:56:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.27 13:26:54 | 005,083,698 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.06.27 13:26:01 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.06.27 08:41:48 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.06.26 12:35:12 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.06.26 11:49:42 | 000,103,680 | ---- | M] (GMER) -- C:\pwdiyfob.sys
[2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.25 15:21:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.06.20 14:21:13 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.20 14:21:13 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.20 14:21:12 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.20 14:21:12 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013.06.11 09:21:43 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
[2013.06.03 22:00:01 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI
[2013.05.29 21:01:16 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.27 14:08:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.27 14:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.27 14:08:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.27 14:08:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.27 14:08:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.27 13:26:00 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.06.26 12:35:12 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.25 15:21:27 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2013.05.29 21:01:15 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg
[2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif
[2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg
[2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\Aaron_Jacob_Zoo2012.jpg
[2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf
[2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf
[2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg
[2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd
[2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung solaris-music.pdf
[2011.06.30 11:00:53 | 000,000,019 | ---- | C] () -- C:\Windows\RETRIEVE.INI
[2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk
[2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf
[2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg
[2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf
[2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf
[2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf
[2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf
[2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old
[2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache
[2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\walli.lnk
[2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps
[2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf
[2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.09 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AceBIT
[2010.04.09 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart Label Printer
[2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2013.06.25 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avqo
[2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate
[2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec
[2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net
[2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket
[2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muyci
[2013.06.25 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Obypy
[2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic
[2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX
[2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup
[2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5
[2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puuswi
[2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD
[2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD
[2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer
[2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity
[2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vak
[2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2013.06.25 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yka
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >
         
--- --- ---


Viele Grüße vom G.Vadda


Alt 27.06.2013, 18:24   #6
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 27/06/2013 um 13:53:33 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : APNMCP

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\imeshwebsearch.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
         
hier also der Rest

Viele Grüße, G.Vadda

Alt 28.06.2013, 00:57   #7
aharonov
/// TB-Ausbilder
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo,

wie läuft der Rechner jetzt?


Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
[2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy
[2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci
[2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml
[2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml
FF - prefs.js..network.proxy.ftp: "219.234.82.84"
FF - prefs.js..network.proxy.ftp_port: 33948
FF - prefs.js..network.proxy.http: "219.234.82.84"
FF - prefs.js..network.proxy.http_port: 33948
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "219.234.82.84"
FF - prefs.js..network.proxy.ssl_port: 33948
FF - prefs.js..network.proxy.type: 1
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6

:commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 5

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________
cheers,
Leo

Alt 29.06.2013, 11:10   #8
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo Leo,

hier die gewünschten logs:

Fixlog von OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:888AFB86 deleted successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\Users\***\AppData\Roaming\Avqo folder moved successfully.
C:\Users\***\AppData\Roaming\Vak folder moved successfully.
C:\Users\***\AppData\Roaming\Obypy folder moved successfully.
C:\Users\***\AppData\Roaming\Puuswi folder moved successfully.
C:\Users\***\AppData\Roaming\Yka folder moved successfully.
C:\Users\***\AppData\Roaming\Muyci folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml moved successfully.
Prefs.js: "219.234.82.84" removed from network.proxy.ftp
Prefs.js: 33948 removed from network.proxy.ftp_port
Prefs.js: "219.234.82.84" removed from network.proxy.http
Prefs.js: 33948 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "219.234.82.84" removed from network.proxy.ssl
Prefs.js: 33948 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_USERS\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Internet Explorer\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 343929 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4535717 bytes
->Flash cache emptied: 708 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2006 bytes
->Temporary Internet Files folder emptied: 406381727 bytes
->Java cache emptied: 11551291 bytes
->FireFox cache emptied: 82895994 bytes
->Google Chrome cache emptied: 390159090 bytes
->Flash cache emptied: 2031 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8419555 bytes
RecycleBin emptied: 2989213487 bytes
 
Total Files Cleaned = 3.713,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06282013_074945

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4PRYDEAR\ads[3].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BIMZ37O\137219-backdoor-trojan-befall-dxgiau-exe[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1Z3FW1GG\ads[5].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Malwarebyte:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.27.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

28.06.2013 08:27:43
mbam-log-2013-06-28 (08-27-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252584
Laufzeit: 20 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=888d93ebcae2454fb8d3fe242557d196
# engine=14182
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-28 11:46:26
# local_time=2013-06-28 01:46:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 279016 135016571 0 0
# compatibility_mode=5892 16776574 100 100 66179391 209952714 0 0
# scanned=107006
# found=0
# cleaned=0
# scan_time=12186
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=888d93ebcae2454fb8d3fe242557d196
# engine=14191
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 01:57:19
# local_time=2013-06-29 03:57:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 330069 135067624 0 0
# compatibility_mode=5892 16776574 100 100 66230444 210003767 0 0
# scanned=339133
# found=0
# cleaned=0
# scan_time=28156
         
Log von SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 24  
 Java 7 Update 25  
 Java(TM) 6 Update 7  
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 20.0.1 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
und OTL log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.06.2013 11:17:57 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,94% Memory free
6,06 Gb Paging File | 4,16 Gb Available in Paging File | 68,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 40,56 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,29 Gb Free Space | 12,20% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.06.12 08:39:19 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE
PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe
PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010.06.28 16:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006.03.01 16:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll
MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll
MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll
MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll
MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll
MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2004.12.26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com)
SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130628.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130628.024\NAVENG.SYS -- (NAVENG)
DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS)
DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes,DefaultScope = Bing
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.28 08:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M]
 
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.27 13:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions
[2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung
[2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi
[2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi
[2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi
[2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\
 
O1 HOSTS File: ([2013.06.27 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: p***de ([***] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.29 10:51:27 | 000,000,000 | ---D | C] -- C:\Programme
[2013.06.28 10:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.28 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.06.28 08:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.28 08:24:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.28 08:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.28 07:40:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.27 14:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.27 14:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.27 14:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.27 14:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.27 14:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.27 14:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.27 14:05:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.27 13:26:29 | 005,083,698 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.06.26 11:49:42 | 000,103,680 | ---- | C] (GMER) -- C:\pwdiyfob.sys
[2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll
[2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll
[2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll
[2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll
[2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll
[2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll
[2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll
[2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll
[2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll
[2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.29 11:01:09 | 000,890,988 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.06.29 10:52:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 10:52:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 10:38:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.29 10:34:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.29 10:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.29 03:06:35 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.29 03:06:35 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.29 03:06:35 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.29 03:06:35 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.28 21:34:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.28 07:57:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.06.28 07:54:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.28 00:00:35 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.06.27 23:56:59 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI
[2013.06.27 23:50:34 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.27 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.27 13:26:54 | 005,083,698 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.06.26 11:49:42 | 000,103,680 | ---- | M] (GMER) -- C:\pwdiyfob.sys
[2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.29 11:01:06 | 000,890,988 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.06.27 14:08:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.27 14:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.27 14:08:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.27 14:08:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.27 14:08:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5}
[2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74}
[2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf
[2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg
[2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif
[2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg
[2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\***_***_Zoo2012.jpg
[2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf
[2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf
[2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg
[2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd
[2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung sol****ic.pdf
[2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk
[2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf
[2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg
[2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf
[2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf
[2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf
[2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf
[2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old
[2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache
[2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\wal**.lnk
[2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps
[2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf
[2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.09 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AceBIT
[2010.04.09 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart Label Printer
[2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate
[2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec
[2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net
[2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket
[2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic
[2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX
[2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup
[2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5
[2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD
[2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD
[2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer
[2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity
[2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Puh - sorry, hat etwas gedauert. Rechner läuft einwandfrei, nichts hat mehr "gemault" - alles ruhig....
Freue mich auf deine Beurteilung/ nächste Schritte - viele Grüße!

G.Vadda

Alt 29.06.2013, 13:36   #9
aharonov
/// TB-Ausbilder
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo,

die Logs sehen jetzt besser aus.
Jetzt muss noch die veraltete Software runter und dann räumen wir auf.


Schritt 1

Du hast unter anderem veraltete Java-Versionen installiert. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 25.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.



Schritt 2

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 3

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Starte defogger und drücke den Button Re-enable.
  2. Deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
  3. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
  4. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  5. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  6. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________
cheers,
Leo

Alt 02.07.2013, 08:46   #10
gevadda
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Hallo Leo,

hab jetzt alles gemacht wie von dir vorgeschlagen - ich möchte mich bei dir 1000x bedanken für deine super Unterstützung !!!! Neben dieser ernüchternden Erfahrung mit einem malware Befall habe ich dank dir viel dazugelernt im zeitgemäßen Umgang mit dem Web und ich kann nur sagen, zum Glück gibt es das Trojaner Board mit Leuten wie dir, die usern wie mir wieder auf die Füße helfen!!
Ich hab heute mit Freude gespendet, ich hoffe, dass von meiner Seite ein kleiner monetärer Beitrag etwas dazubeiträgt euch als guardian angels online zu haben!

Viele Grüße und nochmals :
G.Vadda

Alt 02.07.2013, 10:51   #11
aharonov
/// TB-Ausbilder
 
Backdoor.Trojan Befall: dxgiau.exe - Standard

Backdoor.Trojan Befall: dxgiau.exe



Danke für die Rückmeldung.
Und im Namen des Teams vielen Dank für die Spende!


Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort

Themen zu Backdoor.Trojan Befall: dxgiau.exe
7-zip, absturz, askpartnernetwork, aufgegeben, autorun, bho, bingbar, blockiert, converter, desktop, diagnostics, downloader, dsl, error, excel, failed, firefox, flash player, home, install.exe, installation, intranet, kunde, mozilla, plug-in, realtek, registry, revo uninstaller, scan, security, software, super, svchost.exe, symantec, usb, vista, visual studio, winload toolbar



Ähnliche Themen: Backdoor.Trojan Befall: dxgiau.exe


  1. Virenfund Trojan.Generic.7552386 und Trojan.Sirefef.FY nach GVU-Befall
    Log-Analyse und Auswertung - 03.08.2012 (15)
  2. Rootkit.0Access, Trojan.Sirefef, Trojan.Small Befall
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  3. Rootkit/Backdoor befall ist da aber nicht zu beseitigen
    Plagegeister aller Art und deren Bekämpfung - 18.11.2011 (4)
  4. Trojan.Agent und Backdoor.Bot befall auf meinem Laptop
    Log-Analyse und Auswertung - 11.11.2011 (28)
  5. Stark trojanerverseuchtes System! (Trojan Buzuss, Backdoor Trojan, Trojan Dropper,..)
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  6. Trojaner Befall! z.B Backdoor.win32.Agent.ich
    Log-Analyse und Auswertung - 10.01.2010 (18)
  7. Möglicher Trojaner/Backdoor-Befall nach Neuaufsetzung!
    Log-Analyse und Auswertung - 02.01.2010 (2)
  8. Bleibender Backdoor-Trojaner Befall
    Plagegeister aller Art und deren Bekämpfung - 11.02.2009 (5)
  9. Datensicherung nach Backdoor.Win32.TDSS Befall
    Plagegeister aller Art und deren Bekämpfung - 27.01.2009 (0)
  10. backdoor und malware befall
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (65)
  11. Befall von Virtumonde, Trojan.Dropper/Gen und Trojan.DNSChanger-Codec
    Plagegeister aller Art und deren Bekämpfung - 28.10.2008 (23)
  12. Backdoor.Trojan und Backdoor.Grybird
    Mülltonne - 13.10.2008 (0)
  13. Trojan.Agent.AIVO sowie Backdoor.Bot4120 befall bei mir bitte Hilfe
    Plagegeister aller Art und deren Bekämpfung - 27.06.2008 (13)
  14. System stürzt permanent ab! Wahrscheinlich Backdoor.Bifrose Befall
    Log-Analyse und Auswertung - 24.02.2008 (0)
  15. Befall durch Fujack und Backdoor oder Falschmeldung?
    Log-Analyse und Auswertung - 23.08.2007 (6)
  16. backdoor.win32.bifrose.aej befall?
    Plagegeister aller Art und deren Bekämpfung - 03.07.2007 (13)
  17. Backdoor Befall
    Log-Analyse und Auswertung - 28.09.2005 (3)

Zum Thema Backdoor.Trojan Befall: dxgiau.exe - Hallo an die Gemeinschaft! Gestern ist es mir passiert: Nach all den Jahren - Anhang geöffnet ( ein Zip file) mit vermeintlicher O2 Rechnung... mein Norton hat nicht gemault, und - Backdoor.Trojan Befall: dxgiau.exe...
Archiv
Du betrachtest: Backdoor.Trojan Befall: dxgiau.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.