Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spy Hunter 4 installiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.07.2013, 23:33   #1
Morny
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



Ich habe letzte Woche bemerkt, dass meine vorgegebene Startseite bei Firefox verändert war. Habe im Netz gesucht und den Hinweis gefunden, dass ich wohl Spyware auf meinem Rechner habe. Leider habe ich dann Spy Hunter 4 installiert. Bitte um Hilfe. Vielen Dank.

OTL.txt:

OTL logfile created on: 17.07.2013 00:09:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korny\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,18 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 64,73% Memory free
6,35 Gb Paging File | 5,04 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 45,17 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,14 Gb Free Space | 75,34% Space Free | Partition Type: NTFS

Computer Name: KORNY-PC | User Name: Korny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.17 00:08:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Korny\Downloads\OTL.exe
PRC - [2013.06.07 20:39:42 | 001,302,336 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013.06.07 19:33:12 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 15:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.02 13:21:22 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.07 01:00:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.09.02 22:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010.02.02 01:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 01:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.13 11:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2010.01.12 19:23:38 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.14 12:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 16:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.23 20:13:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll
MOD - [2013.05.15 20:49:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 20:48:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 20:48:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.01.13 23:45:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.13 23:44:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.13 23:44:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.13 23:44:38 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.19 01:03:31 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2013.07.02 21:41:13 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.07 19:33:12 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 12:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 12:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.01.14 23:05:24 | 009,957,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.16 11:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 18:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.30 07:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.10.26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.09.21 02:43:50 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2009.09.21 02:43:48 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2009.09.21 02:43:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.30 18:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3D20D9BE-9372-4EB0-9869-54C3054364E0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{B2B02179-B47C-474A-9C56-597F3B3FAEF2}: "URL" = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&ilc=12&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57515
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Korny\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.02 21:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.26 22:43:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.02 21:41:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.02 21:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.26 22:43:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2013.05.04 17:50:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Korny\AppData\Roaming\mozilla\Extensions
[2010.05.09 22:55:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Korny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.07.16 23:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korny\AppData\Roaming\mozilla\Firefox\Profiles\055f422i.default\extensions
[2012.06.27 22:07:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Korny\AppData\Roaming\mozilla\Firefox\Profiles\055f422i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.08.23 19:31:51 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Korny\AppData\Roaming\mozilla\Firefox\Profiles\055f422i.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.07.16 23:12:31 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\Korny\AppData\Roaming\mozilla\firefox\profiles\055f422i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.07.17 00:02:08 | 000,000,944 | ---- | M] () -- C:\Users\Korny\AppData\Roaming\mozilla\firefox\profiles\055f422i.default\searchplugins\icqplugin.xml
[2013.05.04 17:50:34 | 000,002,515 | ---- | M] () -- C:\Users\Korny\AppData\Roaming\mozilla\firefox\profiles\055f422i.default\searchplugins\Search_Results.xml
[2013.07.02 21:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.07.02 21:41:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.07.02 21:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.02 21:41:13 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.04 17:50:34 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - Startup: C:\Users\Korny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B471DF-3DE4-47C7-8011-E2F97C952FB8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{520bb1dd-c052-11e0-8b64-001f16394deb}\Shell - "" = AutoRun
O33 - MountPoints2\{520bb1dd-c052-11e0-8b64-001f16394deb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f697031a-e27d-11e0-aef9-001f16394deb}\Shell - "" = AutoRun
O33 - MountPoints2\{f697031a-e27d-11e0-aef9-001f16394deb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.16 23:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.07.05 00:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.05 00:07:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.05 00:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.05 00:06:51 | 000,000,000 | ---D | C] -- C:\Users\Korny\AppData\Local\Programs
[2013.07.04 21:00:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.04 20:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.04 20:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.07.02 22:23:57 | 000,000,000 | ---D | C] -- C:\Users\Korny\Desktop\Foto Finn
[2013.07.02 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.26 22:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.18 20:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2013.06.18 20:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013.06.18 20:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.17 00:07:19 | 000,000,000 | ---- | M] () -- C:\Users\Korny\defogger_reenable
[2013.07.16 23:58:35 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.07.16 23:58:35 | 000,002,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.07.16 23:36:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.16 23:17:58 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.16 23:17:58 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.16 23:09:10 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.16 23:09:10 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.07.16 23:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.16 23:08:55 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.07 23:01:53 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.07 23:01:53 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.07 23:01:53 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.07 23:01:53 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.05 00:07:24 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 22:28:19 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.06.26 22:51:12 | 000,327,136 | ---- | M] () -- C:\Users\Korny\Desktop\Windjammerparade.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.17 00:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Korny\defogger_reenable
[2013.07.16 23:58:35 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.07.05 00:07:24 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 22:28:19 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.06.26 22:51:11 | 000,327,136 | ---- | C] () -- C:\Users\Korny\Desktop\Windjammerparade.html
[2013.05.04 17:50:32 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013.01.17 01:07:45 | 000,007,583 | ---- | C] () -- C:\Users\Korny\Unbenannt 1.odt
[2011.06.28 23:46:36 | 000,000,667 | ---- | C] () -- C:\Users\Korny\Korny - Verknüpfung.lnk
[2011.03.06 01:26:15 | 000,022,214 | -H-- | C] () -- C:\Users\Korny\AppData\Roaming\C4E8.2B2
[2011.02.19 01:32:57 | 000,008,373 | ---- | C] () -- C:\Users\Korny\ESt2010_Kornus_Michael_und_Kornus_Julia.elfo
[2010.11.28 14:50:46 | 000,506,791 | -H-- | C] () -- C:\Users\Korny\AppData\Roaming\mdbu.bin
[2010.09.13 23:13:11 | 000,009,074 | ---- | C] () -- C:\Users\Korny\Steuer Michi.elfo
[2010.03.20 11:44:31 | 000,002,378 | -H-- | C] () -- C:\Users\Korny\AppData\Roaming\wklnhst.dat
[2010.02.18 22:05:20 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.07.02 23:48:31 | 000,000,000 | -H-D | M] -- C:\Users\Korny\AppData\Roaming\Amazon
[2011.04.23 10:02:42 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\Canneverbe Limited
[2012.05.24 23:33:14 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\elsterformular
[2011.04.23 10:03:48 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\Facebook
[2013.05.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\FreeAudioPack
[2012.04.06 13:32:29 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\GlarySoft
[2011.06.21 10:39:19 | 000,000,000 | -H-D | M] -- C:\Users\Korny\AppData\Roaming\ICQ
[2011.05.09 20:07:53 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\IGC
[2011.10.16 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\MAGIX
[2011.05.18 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\MediaProSoft Free YouTube to FLV Converter
[2011.04.23 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\OpenOffice.org
[2012.03.20 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\pdfforge
[2011.11.01 23:00:34 | 000,000,000 | -H-D | M] -- C:\Users\Korny\AppData\Roaming\QuickScan
[2013.03.29 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\RavensburgerTipToi
[2010.08.30 15:36:14 | 000,000,000 | -H-D | M] -- C:\Users\Korny\AppData\Roaming\Template
[2011.06.29 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Korny\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >


Extra.txt:

OTL Extras logfile created on: 17.07.2013 00:09:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Korny\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,18 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 64,73% Memory free
6,35 Gb Paging File | 5,04 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 45,17 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,14 Gb Free Space | 75,34% Space Free | Partition Type: NTFS

Computer Name: KORNY-PC | User Name: Korny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [Photo Dose - Bestellsoftware] -- "C:\Program Files\PhotoDose\Loader.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AEA047-6B08-4A1C-ABC7-098414B59834}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0C7C21E6-4A7C-48F1-89C2-68CF1B8402C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C01C354-E1A9-44FC-9C66-5C274C60C4A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E1838F9-DDFB-43FB-B74E-F1D4FC4224E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39438207-F6A7-4FF9-99C0-813FE195B474}" = rport=445 | protocol=6 | dir=out | app=system |
"{43175F47-88BF-433D-B0A4-181E836EF098}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49B4B6C2-BB5E-4405-A5CE-67C539A3C8B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B468D5F-4B8E-431E-887B-9B474D62FBA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F9731E0-E330-41DD-831D-8AEF1B651E4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53C0D591-EB41-4F94-9FA2-3B13FEB2D8D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5672B14E-DFA7-42DA-A95F-2FD59D53D98D}" = lport=137 | protocol=17 | dir=in | app=system |
"{62F5DEA5-BAD2-41B5-A797-22BD8237AFBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6949C084-F7E3-4D08-BEB8-55FDC6DBB888}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75B5641F-8B5A-4A00-8CF0-245A93C5DE06}" = lport=445 | protocol=6 | dir=in | app=system |
"{83D8434B-F92C-45A0-B76B-1012FA677F35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87F86ACE-3544-4BBA-A5D9-5EB9F9772304}" = rport=139 | protocol=6 | dir=out | app=system |
"{91C36760-9894-43CF-B355-1D2EC2C1FEC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99D56736-8BA3-4EF5-852C-2646F9D53F39}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0E6BAF8-C2E6-4F04-8A89-68977441087C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA56191E-9681-4EC3-A172-D4CBEF405F71}" = rport=137 | protocol=17 | dir=out | app=system |
"{AE68530A-7733-4CCB-B975-6F332BC39945}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C247084F-975D-42D7-8716-39ED83CEC456}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D90ABA67-4421-4F57-A14E-40E9934B3A3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBB11905-A40C-40E4-905A-6BB0EA174D85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF001CDA-1858-43C4-9BDB-F8203EA93AA1}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DD039D-A3AA-459C-A5BE-0310CA1DDAAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09560473-90EB-4DC4-964E-1F4496CD71A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{16E7D010-1F24-4E7E-9DD1-FCE1BA6125CD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{180EF88F-A60C-4FBE-ACC3-8E1D43BA605A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{23103DB4-AC8E-40D6-AF4B-2FDB02219592}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24624442-B740-4808-8E78-2D0C56A67D88}" = protocol=17 | dir=in | app=c:\program files\ravensburger tiptoi\tiptoi.exe |
"{25DF7507-99D1-4A8F-BD05-83A0DFE21E71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27447D66-19DB-46B2-A8B8-CD90BB1ED713}" = protocol=6 | dir=out | app=system |
"{2B45C321-946B-4151-8C0D-310597DDD42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{347C90F0-CD98-4C66-A4B8-CA9D9303002D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4614602D-A96B-4C97-82C3-4AB00F71BBE8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{48769CE2-3375-46C2-ACDA-8AA7CA549E1B}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{4B52EFC3-4AA3-4C9D-BF7B-0076B71BBC9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BEACDB3-7086-42C8-AC7B-886755D98549}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{58729093-E7C4-4253-A397-FF6DC0CF1C43}" = protocol=6 | dir=in | app=c:\program files\ravensburger tiptoi\tiptoi.exe |
"{591E12A8-F9BB-4FB6-A9BA-20E238101AE8}" = dir=out | app=%programfiles%\youtube downloader\youtubedownloader.exe |
"{60F7F509-588E-45C6-900A-C491806A39F8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6D589FA8-3FE2-4B21-BDF7-8DF51933DD11}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{708B4C3E-F2B9-4488-8F1D-A3B61AA9B43E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{790CC637-B8FC-4607-B17D-A6D0E41BD07F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{80B75353-1CFC-4819-9591-85AAC2B5D658}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{813B1198-66A7-4637-9AC9-9AC495D5C7B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85A3CF2A-A6EE-45DC-85E6-619A15D00C2C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{89C5E800-6D49-4A44-BE26-5B43C23D8CCE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8CA02534-899C-4164-B9FE-45F0CCF35D14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D8ECCAB-76AA-4A15-A5D3-36C96000905F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{9077A6F4-8F2B-48DF-90D2-D9FB78266BBF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{963E841A-21FD-4F16-8F98-C7EB4450202A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{9E7D8346-755A-4DAF-A288-BB3617ED2ED5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3F626CB-19B6-4124-83DD-0A032033BCEB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7B80462-A7E4-4665-A702-1647E1D9A6B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3D29A40-BDC6-43F4-BDE9-9DEBE2A9FF14}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{B4864C66-9B29-44E6-9AE6-BF67B08CF975}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C3256F56-1D89-4F9A-B7B7-21193B03E319}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA33C5A0-3CFC-47A6-97E1-5F181C95CD6B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D41D8046-7FA9-45C4-BD99-12C4F53161A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7BA6E9B-8CE1-4F98-BA84-593BD65F9560}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8517648-965E-46CF-A693-2C061055BDFB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{E97D7130-5191-4A1D-8D24-839B1ED92DB5}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{EA138881-4885-4A86-8B2B-7AA94B2B5936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8587250-8D22-472B-A352-7F863359DB03}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F89ECC7F-CDB7-430D-AEE7-22782AD91841}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FAD55362-7E4C-4C0B-8674-449C260910C8}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{FB220079-90FF-4F15-B2D0-B865D64BB09C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{85044AA9-0F66-4CC1-8430-EE60BA044642}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4540AEB9-BFC0-450D-9F18-F75B12D600AB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBD417F-13B6-4477-B7C2-AE705864058D}" = YTD Toolbar v7.2
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8544556F-92C9-478E-9ABC-BC2823E39577}" = MAGIX Speed burnR (MSI)
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAE31374-02C2-452E-88EC-2F16D92731A9}" = MAGIX Screenshare
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MAGIX_MSI_Videodeluxe17" = MAGIX Video deluxe 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaProSoft Free YouTube to FLV Converter_is1" = MediaProSoft Free YouTube to FLV Converter 2.1.1.7
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Dose_is1" = PhotoDose 4.5
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Searchqu Toolbar" = Windows Searchqu Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.07.2013 05:53:30 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.07.2013 05:53:30 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15693

Error - 06.07.2013 05:53:30 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15693

Error - 06.07.2013 06:23:22 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.07.2013 06:23:22 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585

Error - 06.07.2013 06:23:22 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585

Error - 06.07.2013 06:23:37 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.07.2013 06:23:37 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31185

Error - 06.07.2013 06:23:37 | Computer Name = Korny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31185

Error - 16.07.2013 17:09:26 | Computer Name = Korny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.16.11.8871,
Zeitstempel: 0x4b4fbec4 Name des fehlerhaften Moduls: NVSVC.DLL, Version: 8.16.11.8871,
Zeitstempel: 0x4b4fbebf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000300b ID des fehlerhaften
Prozesses: 0x670 Startzeit der fehlerhaften Anwendung: 0x01ce8268b64dfa7b Pfad der
fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\NVSVC.DLL Berichtskennung: fe6bfcd0-ee5b-11e2-a3ec-001f16394deb

[ Media Center Events ]
Error - 07.03.2010 09:00:25 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 14:00:25 - Fehler beim Herstellen der Internetverbindung. 14:00:25
- Serververbindung konnte nicht hergestellt werden..

Error - 07.03.2010 09:00:34 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 14:00:30 - Fehler beim Herstellen der Internetverbindung. 14:00:30
- Serververbindung konnte nicht hergestellt werden..

Error - 07.03.2010 10:00:38 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 15:00:38 - Fehler beim Herstellen der Internetverbindung. 15:00:38
- Serververbindung konnte nicht hergestellt werden..

Error - 07.03.2010 10:00:45 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 15:00:43 - Fehler beim Herstellen der Internetverbindung. 15:00:43
- Serververbindung konnte nicht hergestellt werden..

Error - 21.03.2010 07:21:24 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 12:21:23 - Fehler beim Herstellen der Internetverbindung. 12:21:23
- Serververbindung konnte nicht hergestellt werden..

Error - 21.03.2010 07:21:33 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 12:21:29 - Fehler beim Herstellen der Internetverbindung. 12:21:29
- Serververbindung konnte nicht hergestellt werden..

Error - 21.03.2010 08:21:39 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 13:21:39 - Fehler beim Herstellen der Internetverbindung. 13:21:39
- Serververbindung konnte nicht hergestellt werden..

Error - 21.03.2010 08:21:45 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 13:21:44 - Fehler beim Herstellen der Internetverbindung. 13:21:44
- Serververbindung konnte nicht hergestellt werden..

Error - 13.04.2010 14:51:46 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 20:51:46 - Fehler beim Herstellen der Internetverbindung. 20:51:46
- Serververbindung konnte nicht hergestellt werden..

Error - 13.04.2010 14:52:02 | Computer Name = Korny-PC | Source = MCUpdate | ID = 0
Description = 20:51:52 - Fehler beim Herstellen der Internetverbindung. 20:51:52
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dnscache" konnte sich nicht als "NT AUTHORITY\NetworkService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dnscache" konnte sich nicht als "NT AUTHORITY\NetworkService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dnscache" konnte sich nicht als "NT AUTHORITY\NetworkService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dnscache" konnte sich nicht als "NT AUTHORITY\NetworkService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.06.2013 16:18:07 | Computer Name = Korny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error - 27.06.2013 16:21:14 | Computer Name = Korny-PC | Source = DCOM | ID = 10010
Description =

Error - 29.06.2013 16:50:38 | Computer Name = Korny-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Alt 17.07.2013, 01:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.07.2013, 19:49   #3
Morny
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



Avira Funde

Code:
ATTFilter
05.07.2013 00:29 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Korny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-5d958a
      02'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.Q' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b753ad.qua' 
      verschoben!

05.07.2013 00:27 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Korny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-5d958a
      02'
      wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.Q' [exploit] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
__________________

Alt 18.07.2013, 21:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 22.07.2013, 23:29   #5
Morny
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



GMER:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-22 23:55:46
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: tq94x8sp.exe; Driver: C:\Users\Korny\AppData\Local\Temp\kwloqpog.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----[/QUOTE]
         
--- --- ---
Malwarebytes Anti-Rootkit:

Zitat:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
Malwarebytes : Free Anti-Malware download

Database version: v2013.07.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Korny :: KORNY-PC [administrator]

23.07.2013 00:07:25
mbar-log-2013-07-23 (00-07-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 222340
Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Alt 22.07.2013, 23:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spy Hunter 4 installiert - Standard

Spy Hunter 4 installiert



Hat MBAR wirklich nichts gefunden oder hast du nur das Log mit den Funden vergessen?
__________________
--> Spy Hunter 4 installiert

Antwort

Themen zu Spy Hunter 4 installiert
antivir, autorun, avira, bandoo, bho, bingbar, bonjour, cdburnerxp, desktop, error, firefox, flash player, google, helper, home, install.exe, installation, launch, logfile, mozilla, realtek, registry, rundll, scan, security, software, spyware, svchost.exe, windows, wma, youtube downloader



Ähnliche Themen: Spy Hunter 4 installiert


  1. Spy Hunter 4:
    Alles rund um Windows - 17.08.2015 (7)
  2. Spy Hunter 4 löschen
    Antiviren-, Firewall- und andere Schutzprogramme - 27.06.2015 (1)
  3. spy-hunter deinstallieren
    Log-Analyse und Auswertung - 05.04.2015 (1)
  4. Spy Hunter 4 entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.01.2015 (23)
  5. Spy Hunter 4 & iStartSurf
    Plagegeister aller Art und deren Bekämpfung - 20.09.2014 (14)
  6. Spy Hunter
    Plagegeister aller Art und deren Bekämpfung - 16.09.2014 (13)
  7. Nationzoom & Spy Hunter 4
    Log-Analyse und Auswertung - 08.01.2014 (9)
  8. Nationzoom & Spy Hunter 4
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (3)
  9. Zuerst die Toolbar Snpa.Do mit installiert und nun SpyHunter4 installiert
    Log-Analyse und Auswertung - 27.10.2013 (21)
  10. Spy Hunter versehentlich installiert
    Plagegeister aller Art und deren Bekämpfung - 15.07.2013 (54)
  11. Erst Delta Search installiert dann mit Spy Hunter 4 noch schlimmer gemacht
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (9)
  12. Pop-up Trojaner, Spy Hunter 4
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (11)
  13. Adobe Acrobat XI (englisch) installiert sich von selbst, obwohl Acrobat XI Pro installiert ist
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (19)
  14. Spy-Hunter installiert und Scan durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (2)
  15. Spy Hunter auf meinem PC
    Log-Analyse und Auswertung - 03.08.2011 (1)
  16. Spy Hunter
    Log-Analyse und Auswertung - 28.05.2009 (19)

Zum Thema Spy Hunter 4 installiert - Ich habe letzte Woche bemerkt, dass meine vorgegebene Startseite bei Firefox verändert war. Habe im Netz gesucht und den Hinweis gefunden, dass ich wohl Spyware auf meinem Rechner habe. Leider - Spy Hunter 4 installiert...
Archiv
Du betrachtest: Spy Hunter 4 installiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.