Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Proxy-Trojaner finden und bekämpfen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.05.2014, 18:50   #1
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Hallo,

ih benötige eure Hilfe bei der aufspürung und Bekämpfung eines Trojaners, der meine Proxy Einstellungen eigenständig ändert und somit meinen IE lahmlegt.

Danke :-)

Alt 04.05.2014, 18:52   #2
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen





http://www.trojaner-board.de/69886-a...-beachten.html
__________________

__________________

Alt 04.05.2014, 19:01   #3
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Verstehe ich das richtig, dass ich die ganzen Logfiles erstellen muss und hier posten muss? Aber gerade das FRS runtergeladen und führe Sancs aus. Sobald alles fertig ist stelle ich die hier rein
__________________

Alt 04.05.2014, 19:34   #4
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



So isses
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.05.2014, 19:41   #5
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Leider stürzt mein PC immer bei Schritt 3 (GMER) ab ...

Muss mal schaun das ich das hinbekomme ... Dann gehts weiter :-)


Alt 04.05.2014, 19:48   #6
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Dann lass es und poste mir bitte die FRST logfiles
__________________
--> Proxy-Trojaner finden und bekämpfen

Alt 04.05.2014, 19:51   #7
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Okay, hier
Angehängte Dateien
Dateityp: txt FRST.txt (66,0 KB, 188x aufgerufen)

Alt 05.05.2014, 16:58   #8
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Hy.
Ich sehe da jetzt vorerst einmal nichts.


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 05.05.2014, 17:28   #9
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Bitte schön :-)

Alt 05.05.2014, 19:09   #10
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Bitte poste Logfiles direkt in dein Thema anstatt sie anzuhängen.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 05.05.2014, 19:59   #11
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Combofix Logfile:
Code:
ATTFilter
ComboFix 14-05-05.01 - PaNic 05.05.2014  20:51:08.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8136.5869 [GMT 2:00]
ausgeführt von:: c:\users\PaNic\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\PaNic\AppData\Roaming\Ecuq
c:\users\PaNic\AppData\Roaming\Ecuq\ycuq.opk
c:\users\PaNic\AppData\Roaming\Waha
c:\users\PaNic\AppData\Roaming\Waha\week.uta
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\s.bat
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-05 bis 2014-05-05  ))))))))))))))))))))))))))))))
.
.
2014-05-05 18:54 . 2014-05-05 18:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-05 18:54 . 2014-05-05 18:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-04 17:59 . 2014-05-04 18:14	--------	d-----w-	C:\FRST
2014-05-04 16:49 . 2014-05-04 16:49	--------	d-----w-	c:\users\PaNic\AppData\Roaming\DropboxMaster
2014-05-04 16:47 . 2014-05-04 16:47	--------	d-sh--w-	c:\users\PaNic\AppData\Local\EmieUserList
2014-05-04 16:47 . 2014-05-04 16:47	--------	d-sh--w-	c:\users\PaNic\AppData\Local\EmieSiteList
2014-05-03 07:03 . 2014-05-03 07:03	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-04-18 20:28 . 2014-04-18 20:28	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2014-04-18 20:28 . 2014-04-18 20:28	--------	d-----w-	c:\windows\system32\wbem\en-US
2014-04-15 11:35 . 2014-04-15 11:35	240952	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\users\PaNic\AppData\Local\PirritSuggestor
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\program files (x86)\WinRST
2014-04-08 19:46 . 2013-12-13 15:53	19544	----a-w-	c:\windows\system32\roboot64.exe
2014-04-08 19:46 . 2014-04-08 19:49	--------	d-----w-	c:\users\PaNic\AppData\Roaming\systweak
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\users\PaNic\AppData\Local\Programs
2014-04-08 19:37 . 2014-04-08 19:37	--------	d-----w-	c:\programdata\Oracle
2014-04-08 19:37 . 2014-04-08 19:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-04-08 19:37 . 2013-12-18 19:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-08 19:31 . 2014-04-08 19:32	--------	d--h--w-	c:\windows\AxInstSV
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 21:26 . 2012-04-03 21:29	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-28 21:26 . 2011-11-17 18:07	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 17:09 . 2011-11-17 19:40	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-09 15:23	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-28 09:26 . 2011-11-30 12:58	119296	----a-w-	c:\windows\SysWow64\zlib.dll
2014-02-07 01:23 . 2014-03-12 22:46	3156480	----a-w-	c:\windows\system32\win32k.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVIDEOSOFT\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\PaNic\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"ROC_ROC_JAN2013_AV"="c:\users\PaNic\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" [2013-01-17 1234000]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-03-21 75048]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-22 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
.
c:\users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PaNic\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
RazossUpdater.lnk - c:\users\PaNic\AppData\Local\Razoss\Application\RazossUpdater.exe [2012-7-5 191832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2013-12-28 1427760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 CLKMSVC10_3A60B698;CyberLink Product - 2011/10/22 21:11;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 PirritDesktop;PirritDesktop;c:\users\PaNic\AppData\Local\PirritSuggestor\PirritService.exe;c:\users\PaNic\AppData\Local\PirritSuggestor\PirritService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys;c:\windows\SYSNATIVE\DRIVERS\AVerPola.sys [x]
S3 AVPolDIR;AVerMedia USB Polaris Series Dummy IR Service;c:\windows\system32\DRIVERS\AVPolDIR.sys;c:\windows\SYSNATIVE\DRIVERS\AVPolDIR.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_3A60B698
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 21:46	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:26]
.
2014-05-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002Core.job
- c:\users\PaNic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-01 17:29]
.
2014-05-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002UA.job
- c:\users\PaNic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-01 17:29]
.
2014-05-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-01 21:31]
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 21:07]
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 21:07]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVIDEOSOFT\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-22 21:14	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-22 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-22 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-22 5908928]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-06 1172480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=hxxp://127.0.0.1:9880
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=8f211d5e-d321-4fc0-9085-8290afcb37b8&searchtype=ds&q={searchTerms}&installDate=25/02/2013
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: network.proxy.ftp - 202.43.188.9
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 202.43.188.9
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 202.43.188.9
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 202.43.188.9
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\PaNic\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\TUInstallHelper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-1199395)
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-1199395)
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-05  20:56:09
ComboFix-quarantined-files.txt  2014-05-05 18:56
.
Vor Suchlauf: 7.287.164.928 Bytes frei
Nach Suchlauf: 8.488.747.008 Bytes frei
.
- - End Of File - - C2EAFC11BE6D5A7CA01D1BC956EC1293
         
--- --- ---

Alt 06.05.2014, 05:44   #12
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Morgen.
na das sieht ja schon mal besser aus.

Ich muss dennoch ein paar Dinge manuell fixen was mich dem Handy nicht machen kann.
Bitte vorerst einmal

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




Melde mich am Abend wieder
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.05.2014, 18:03   #13
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Farbar Service Scanner Version: 03-05-2014
Ran by PaNic (administrator) on 06-05-2014 at 19:04:13
Running from "C:\Users\PaNic\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=hxxp://127.0.0.1:9880


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 06.05.2014, 19:33   #14
Larusso
/// Selecta Jahrusso
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Hy

Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
    c:\users\PaNic\AppData\Local\Razoss
    File::
    c:\users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RazossUpdater.lnk
    DDS::
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    uInternet Settings,ProxyServer = http=hxxp://127.0.0.1:9880 uInternet Settings,ProxyOverride = <local>
    Firefox::
    FF - ProfilePath - c:\users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\
    FF - prefs.js: network.proxy.ftp - 202.43.188.9
    FF - prefs.js: network.proxy.ftp_port - 8080 
    FF - prefs.js: network.proxy.http - 202.43.188.9 
    FF - prefs.js: network.proxy.http_port - 8080 
    FF - prefs.js: network.proxy.socks - 202.43.188.9 
    FF - prefs.js: network.proxy.socks_port - 8080 
    FF - prefs.js: network.proxy.ssl - 202.43.188.9 
    FF - prefs.js: network.proxy.ssl_port - 8080 
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false 
    FF - user.js: security.warn_submit_insecure - false 
    FF - user.js: security.warn_submit_insecure.show_once - false
    ClearJavaCache::
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Lösche bitte die vorhandene FRST.exe


Bitte setze einen Haken bei Additions.txt

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)





Wird der Proxy immernoch neu eingerichtet ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.05.2014, 22:11   #15
PaNic83
 
Proxy-Trojaner finden und bekämpfen - Standard

Proxy-Trojaner finden und bekämpfen



Combofix.txt:

Code:
ATTFilter
ComboFix 14-05-05.01 - PaNic 06.05.2014  21:55:41.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8136.5736 [GMT 2:00]
ausgeführt von:: c:\users\PaNic\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\PaNic\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RazossUpdater.lnk"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PaNic\AppData\Local\Razoss
c:\users\PaNic\AppData\Local\Razoss\Application\EngineUninstall.exe
c:\users\PaNic\AppData\Local\Razoss\Application\error.html
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome.manifest
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\delegate.js
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\logo32.ico
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\logo32.png
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\logo32_red.ico
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\razoss.js
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\chrome\content\razoss.xul
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\components\FF.dll
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\components\ff4\IRazossExt.xpt
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\components\ff4\razossaddon-ff4.dll
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\components\IRazossExt.xpt
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\defaults\preferences\razoss.js
c:\users\PaNic\AppData\Local\Razoss\Application\ffextension\install.rdf
c:\users\PaNic\AppData\Local\Razoss\Application\googlechrome\Razoss.crx
c:\users\PaNic\AppData\Local\Razoss\Application\IE.dll
c:\users\PaNic\AppData\Local\Razoss\Application\loader.gif
c:\users\PaNic\AppData\Local\Razoss\Application\loading.html
c:\users\PaNic\AppData\Local\Razoss\Application\logo32.ico
c:\users\PaNic\AppData\Local\Razoss\Application\RazossEngine.exe
c:\users\PaNic\AppData\Local\Razoss\Application\RazossReporter.exe
c:\users\PaNic\AppData\Local\Razoss\Application\RazossShadow.dll
c:\users\PaNic\AppData\Local\Razoss\Application\RazossUpdater.exe
c:\users\PaNic\AppData\Local\Razoss\Application\Uninstall.exe
c:\users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RazossUpdater.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-06 bis 2014-05-06  ))))))))))))))))))))))))))))))
.
.
2014-05-06 19:59 . 2014-05-06 19:59	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-06 19:59 . 2014-05-06 19:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-05 21:50 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-05 21:50 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-05 21:50 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-04 17:59 . 2014-05-04 18:14	--------	d-----w-	C:\FRST
2014-05-04 16:49 . 2014-05-04 16:49	--------	d-----w-	c:\users\PaNic\AppData\Roaming\DropboxMaster
2014-05-04 16:47 . 2014-05-04 16:47	--------	d-sh--w-	c:\users\PaNic\AppData\Local\EmieUserList
2014-05-04 16:47 . 2014-05-04 16:47	--------	d-sh--w-	c:\users\PaNic\AppData\Local\EmieSiteList
2014-05-03 07:03 . 2014-05-03 07:03	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-04-18 20:28 . 2014-04-18 20:28	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2014-04-18 20:28 . 2014-04-18 20:28	--------	d-----w-	c:\windows\system32\wbem\en-US
2014-04-15 11:35 . 2014-04-15 11:35	240952	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\users\PaNic\AppData\Local\PirritSuggestor
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\program files (x86)\WinRST
2014-04-08 19:46 . 2013-12-13 15:53	19544	----a-w-	c:\windows\system32\roboot64.exe
2014-04-08 19:46 . 2014-04-08 19:49	--------	d-----w-	c:\users\PaNic\AppData\Roaming\systweak
2014-04-08 19:46 . 2014-04-08 19:46	--------	d-----w-	c:\users\PaNic\AppData\Local\Programs
2014-04-08 19:37 . 2014-04-08 19:37	--------	d-----w-	c:\programdata\Oracle
2014-04-08 19:37 . 2014-04-08 19:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-04-08 19:37 . 2013-12-18 19:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-08 19:31 . 2014-04-08 19:32	--------	d--h--w-	c:\windows\AxInstSV
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 21:26 . 2012-04-03 21:29	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-28 21:26 . 2011-11-17 18:07	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 17:09 . 2011-11-17 19:40	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-09 15:23	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-28 09:26 . 2011-11-30 12:58	119296	----a-w-	c:\windows\SysWow64\zlib.dll
2014-02-07 01:23 . 2014-03-12 22:46	3156480	----a-w-	c:\windows\system32\win32k.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVIDEOSOFT\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\PaNic\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"ROC_ROC_JAN2013_AV"="c:\users\PaNic\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" [2013-01-17 1234000]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-03-21 75048]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-22 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
.
c:\users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PaNic\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2013-12-28 1427760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 CLKMSVC10_3A60B698;CyberLink Product - 2011/10/22 21:11;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 PirritDesktop;PirritDesktop;c:\users\PaNic\AppData\Local\PirritSuggestor\PirritService.exe;c:\users\PaNic\AppData\Local\PirritSuggestor\PirritService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys;c:\windows\SYSNATIVE\DRIVERS\AVerPola.sys [x]
S3 AVPolDIR;AVerMedia USB Polaris Series Dummy IR Service;c:\windows\system32\DRIVERS\AVPolDIR.sys;c:\windows\SYSNATIVE\DRIVERS\AVPolDIR.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_3A60B698
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 21:46	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:26]
.
2014-05-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002Core.job
- c:\users\PaNic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-01 17:29]
.
2014-05-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002UA.job
- c:\users\PaNic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-01 17:29]
.
2014-05-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-01 21:31]
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 21:07]
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 21:07]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVIDEOSOFT\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\PaNic\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-22 21:14	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-22 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-22 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-22 5908928]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-06 1172480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=8f211d5e-d321-4fc0-9085-8290afcb37b8&searchtype=ds&q={searchTerms}&installDate=25/02/2013
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-AVG PC TuneUp - c:\program files (x86)\AVG\AVG PC TuneUp\TUInstallHelper.exe
AddRemove-Razoss - c:\users\PaNic\AppData\Local\Razoss\Application\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-1199395)
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-1199395)
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-06  22:00:35
ComboFix-quarantined-files.txt  2014-05-06 20:00
ComboFix2.txt  2014-05-05 18:56
.
Vor Suchlauf: 6.381.240.320 Bytes frei
Nach Suchlauf: 6.072.201.216 Bytes frei
.
- - End Of File - - A7F27019B3D1F3DB1A6D38A22143008D
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.207 - Bericht erstellt am 06/05/2014 um 22:37:45
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : PaNic - PANICLENO
# Gestartet von : C:\Users\PaNic\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : PirritDesktop

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\ATDheNetTVApp.com
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\iLivid
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\WinRST
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\PaNic\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\PaNic\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\PaNic\AppData\Local\PirritSuggestor
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com
Ordner Gelöscht : C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Datei Gelöscht : C:\windows\System32\roboot64.exe
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\user.js
Datei Gelöscht : C:\windows\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\windows\System32\Tasks\GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\AVG Nation toolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\covus freemium gmbh
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\GoforFiles
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Pirrit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=8f211d5e-d321-4fc0-9085-8290afcb37b8&searchtype=hp&installDate=25/02/2013
Gelöscht [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Gelöscht [Extension] : jcdgjdiieiljkfkdcloehkohchhpekkn

*************************

AdwCleaner[R0].txt - [11995 octets] - [06/05/2014 22:37:10]
AdwCleaner[S0].txt - [10857 octets] - [06/05/2014 22:37:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10918 octets] ##########
         
FRST.TXT


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by PaNic (administrator) on PANICLENO on 06-05-2014 22:42:47
Running from C:\Users\PaNic\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\PaNic\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
() C:\Users\PaNic\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\PaNic\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\PaNic\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVCM.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2841896 2011-10-28] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-10-22] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-10-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1172480 2011-04-06] (Sphinx Software)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2075288 2012-10-12] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-03-21] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-10-22] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3473657482-3237807048-3479380401-1002\...\Run: [Akamai NetSession Interface] => C:\Users\PaNic\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3473657482-3237807048-3479380401-1002\...\Run: [ROC_ROC_JAN2013_AV] => C:\Users\PaNic\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe [1234000 2013-01-17] ()
HKU\S-1-5-21-3473657482-3237807048-3479380401-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3473657482-3237807048-3479380401-1002\...\Policies\Explorer: [] 
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-10-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-03] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\PaNic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=hxxp://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: GretechBHO Class - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.2.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225
FF Homepage: about:newtab
FF NetworkProxy: "backup.ftp", "202.43.188.9"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "202.43.188.9"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "202.43.188.9"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.18 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\PaNic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\PaNic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\PaNic\AppData\Roaming\Mozilla\Firefox\Profiles\jffb5ghg.default-1368436490225\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-12-08]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=8f211d5e-d321-4fc0-9085-8290afcb37b8&searchtype=hp&installDate=25/02/2013"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Razoss Bar Plugin) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlbhjeioccdadoagmkjknpdkcdoloog\0.1.0.407_0\nprazoss.dll ()
CHR Plugin: (SweetIM GC Helper) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll No File
CHR Plugin: (PriceGong) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.7_0\plugins/npPriceGong_CH.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\PaNic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (No Name) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2012-11-08]
CHR Extension: (YouTube) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-08]
CHR Extension: (Google-Suche) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-08]
CHR Extension: (No Name) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-11-08]
CHR Extension: (SweetPacks Bar) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlbhjeioccdadoagmkjknpdkcdoloog [2012-11-08]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-09]
CHR Extension: (Google Mail) - C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [ljlbhjeioccdadoagmkjknpdkcdoloog] - C:\Users\PaNic\AppData\Local\Razoss\Application\googlechrome\razoss.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [970016 2011-05-12] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [610816 2011-04-06] (Sphinx Software)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X]

==================== Drivers (Whitelisted) ====================

R3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [534144 2011-01-04] (AVerMedia TECHNOLOGIES, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 AVPolDIR; C:\Windows\System32\DRIVERS\AVPolDIR.sys [7168 2011-01-04] (AVerMedia TECHNOLOGIES, Inc.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-13] (Broadcom Corporation.)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 DelayMan; C:\Windows\System32\DRIVERS\delayman.sys [20064 2011-10-22] (Ensurebit Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-20] (DT Soft Ltd)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17880 2010-07-21] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57816 2010-08-27] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [32088 2010-08-27] (JMicron Technology Corp.)
R1 winioex; C:\Windows\System32\drivers\winioex.sys [15456 2011-10-22] (Ensurebit Inc.)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 22:42 - 2014-05-06 22:42 - 02063872 _____ (Farbar) C:\Users\PaNic\Desktop\FRST64.exe
2014-05-06 22:42 - 2014-05-06 22:42 - 00030326 _____ () C:\Users\PaNic\Desktop\FRST.txt
2014-05-06 22:37 - 2014-05-06 22:37 - 00000000 ____D () C:\AdwCleaner
2014-05-06 22:36 - 2014-05-06 22:36 - 01316991 _____ () C:\Users\PaNic\Desktop\adwcleaner.exe
2014-05-06 22:21 - 2014-05-06 22:21 - 00018176 _____ () C:\Users\PaNic\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 22:07 - 2014-05-06 22:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 22:07 - 2014-05-06 22:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 22:07 - 2014-05-06 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 22:07 - 2014-05-06 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 22:07 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-06 22:07 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-06 22:07 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-06 22:04 - 2014-05-06 22:05 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\PaNic\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-06 22:00 - 2014-05-06 22:00 - 00031360 _____ () C:\ComboFix.txt
2014-05-06 21:51 - 2014-05-06 21:51 - 05199940 ____R (Swearware) C:\Users\PaNic\Desktop\ComboFix.exe
2014-05-06 19:06 - 2014-05-06 19:06 - 00039768 _____ () C:\Users\PaNic\Downloads\Adressliste14.xlsx
2014-05-06 19:04 - 2014-05-06 19:04 - 00002930 _____ () C:\Users\PaNic\Downloads\FSS.txt
2014-05-06 19:03 - 2014-05-06 19:03 - 00408576 _____ (Farbar) C:\Users\PaNic\Downloads\FSS.exe
2014-05-05 23:50 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 23:50 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 23:50 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 23:50 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-05 20:50 - 2014-05-06 22:00 - 00000000 ____D () C:\Qoobox
2014-05-05 20:50 - 2014-05-05 20:55 - 00000000 ____D () C:\windows\erdnt
2014-05-05 20:50 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-05 20:50 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-05 20:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-05 20:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-05 20:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-05 20:50 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-05 20:50 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-05 20:50 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-05 18:12 - 2014-05-05 18:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\PaNic\Downloads\tdsskiller.exe
2014-05-04 20:36 - 2014-05-06 22:13 - 666181643 _____ () C:\windows\MEMORY.DMP
2014-05-04 20:36 - 2014-05-06 22:13 - 00000000 ____D () C:\windows\Minidump
2014-05-04 20:21 - 2014-05-04 20:25 - 00000472 _____ () C:\Users\PaNic\Downloads\defogger_disable.log
2014-05-04 20:15 - 2014-05-04 20:15 - 00380416 _____ () C:\Users\PaNic\Downloads\Gmer-19357.exe
2014-05-04 20:13 - 2014-05-04 20:14 - 00060503 _____ () C:\Users\PaNic\Desktop\Addition.txt
2014-05-04 20:13 - 2014-05-04 20:13 - 00050477 _____ () C:\Users\PaNic\Downloads\Defogger.exe
2014-05-04 20:13 - 2014-05-04 20:13 - 00000542 _____ () C:\Users\PaNic\Desktop\defogger_disable.log
2014-05-04 20:13 - 2014-05-04 20:13 - 00000168 _____ () C:\Users\PaNic\defogger_reenable
2014-05-04 19:59 - 2014-05-06 22:42 - 00000000 ____D () C:\FRST
2014-05-04 19:28 - 2014-05-04 19:31 - 00000062 _____ () C:\Users\PaNic\AppData\Local\Tempein.txt
2014-05-04 19:28 - 2014-05-04 19:28 - 00088576 _____ () C:\Users\PaNic\Downloads\IE_Proxy_on_off.exe
2014-05-04 18:49 - 2014-05-04 18:49 - 00000000 ____D () C:\Users\PaNic\AppData\Roaming\DropboxMaster
2014-05-04 18:47 - 2014-05-04 18:47 - 00000000 __SHD () C:\Users\PaNic\AppData\Local\EmieUserList
2014-05-04 18:47 - 2014-05-04 18:47 - 00000000 __SHD () C:\Users\PaNic\AppData\Local\EmieSiteList
2014-05-04 15:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-04 15:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-04 15:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-04 15:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-04 15:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-04 15:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-04 15:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-04 15:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-04 15:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-04 15:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-04 15:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-04 15:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-04 15:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-04 15:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-04 15:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-04 15:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-04 15:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-04 15:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-04 15:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-04 15:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-04 15:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-04 15:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-04 15:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-04 15:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-04 15:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-04 15:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-04 15:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-04 15:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-04 15:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-04 15:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-04 15:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-04 15:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-04 15:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-04 15:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-04 15:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-04 15:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-04 15:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-04 15:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-04 15:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-04 15:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-04 15:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-04 15:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-04 15:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-04 15:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-03 16:01 - 2014-05-03 16:01 - 00001413 _____ () C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 09:03 - 2014-05-03 09:03 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-05-03 09:03 - 2014-05-03 09:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-05-03 09:03 - 2014-05-03 09:03 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-05-03 09:03 - 2014-05-03 09:03 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-05-03 09:03 - 2014-05-03 09:03 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-05-03 09:03 - 2014-05-03 09:03 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-05-03 09:03 - 2014-05-03 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-05-03 09:00 - 2014-05-03 09:01 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de(2).exe
2014-05-02 17:51 - 2014-05-02 17:51 - 00010495 _____ () C:\Users\PaNic\Downloads\PaNikTr_elster_2048.pfx
2014-04-18 22:20 - 2014-04-18 22:22 - 00004317 _____ () C:\windows\IE9_main.log
2014-04-17 17:24 - 2014-04-17 17:25 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de(1).exe
2014-04-17 17:23 - 2014-04-17 17:24 - 37059280 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-04-12 09:29 - 2014-04-12 09:29 - 00032157 _____ () C:\Users\PaNic\Downloads\Helferplan.xlsx
2014-04-09 18:37 - 2014-04-09 18:38 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-04-09 17:26 - 2014-04-09 17:26 - 02077392 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1.exe
2014-04-09 17:23 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 17:23 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 17:23 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 17:23 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 17:23 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 17:23 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 17:23 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 17:23 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 17:23 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 17:23 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 17:23 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 17:23 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 17:23 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 17:23 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 17:23 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 17:23 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 17:23 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-08 21:37 - 2014-04-08 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-08 21:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-08 21:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-08 21:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-08 21:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-08 21:36 - 2014-04-08 21:37 - 00006631 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-08 21:36 - 2014-04-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-08 21:31 - 2014-04-08 21:32 - 00000000 ___HD () C:\windows\AxInstSV

==================== One Month Modified Files and Folders =======

2014-05-06 22:43 - 2014-05-06 22:42 - 00030326 _____ () C:\Users\PaNic\Desktop\FRST.txt
2014-05-06 22:42 - 2014-05-06 22:42 - 02063872 _____ (Farbar) C:\Users\PaNic\Desktop\FRST64.exe
2014-05-06 22:42 - 2014-05-04 19:59 - 00000000 ____D () C:\FRST
2014-05-06 22:41 - 2011-10-22 23:07 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 22:40 - 2011-12-18 00:34 - 00000000 ____D () C:\Users\PaNic\AppData\Roaming\Skype
2014-05-06 22:39 - 2011-11-17 23:14 - 00000000 ____D () C:\Users\PaNic\AppData\Roaming\Dropbox
2014-05-06 22:39 - 2011-10-22 23:14 - 00000000 ____D () C:\ProgramData\VeriFace
2014-05-06 22:39 - 2011-10-22 23:07 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 22:38 - 2012-04-01 11:44 - 00000326 _____ () C:\windows\Tasks\GlaryInitialize.job
2014-05-06 22:38 - 2011-10-22 23:14 - 04344079 _____ () C:\FaceProv.log
2014-05-06 22:38 - 2011-10-22 22:31 - 02065584 _____ () C:\windows\WindowsUpdate.log
2014-05-06 22:38 - 2010-11-21 05:47 - 00281160 _____ () C:\windows\PFRO.log
2014-05-06 22:38 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-06 22:38 - 2009-07-14 06:51 - 00193324 _____ () C:\windows\setupact.log
2014-05-06 22:38 - 2009-07-14 06:45 - 00030592 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 22:38 - 2009-07-14 06:45 - 00030592 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 22:37 - 2014-05-06 22:37 - 00000000 ____D () C:\AdwCleaner
2014-05-06 22:37 - 2011-10-22 14:14 - 00701560 _____ () C:\windows\system32\perfh007.dat
2014-05-06 22:37 - 2011-10-22 14:14 - 00150428 _____ () C:\windows\system32\perfc007.dat
2014-05-06 22:37 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-06 22:36 - 2014-05-06 22:36 - 01316991 _____ () C:\Users\PaNic\Desktop\adwcleaner.exe
2014-05-06 22:34 - 2014-05-06 22:07 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 22:32 - 2014-03-08 01:32 - 00000000 ____D () C:\Users\PaNic\Desktop\Jeb-Zahn
2014-05-06 22:27 - 2012-04-03 23:29 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 22:27 - 2011-11-30 14:58 - 00119296 _____ () C:\windows\SysWOW64\zlib.dll
2014-05-06 22:21 - 2014-05-06 22:21 - 00018176 _____ () C:\Users\PaNic\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 22:13 - 2014-05-04 20:36 - 666181643 _____ () C:\windows\MEMORY.DMP
2014-05-06 22:13 - 2014-05-04 20:36 - 00000000 ____D () C:\windows\Minidump
2014-05-06 22:13 - 2013-05-21 11:56 - 00000000 ____D () C:\Program Files\Nightly
2014-05-06 22:07 - 2014-05-06 22:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 22:07 - 2014-05-06 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 22:07 - 2014-05-06 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 22:07 - 2012-10-16 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 22:05 - 2014-05-06 22:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\PaNic\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-06 22:04 - 2011-11-17 23:16 - 00000000 ___RD () C:\Users\PaNic\Dropbox
2014-05-06 22:00 - 2014-05-06 22:00 - 00031360 _____ () C:\ComboFix.txt
2014-05-06 22:00 - 2014-05-05 20:50 - 00000000 ____D () C:\Qoobox
2014-05-06 21:59 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-05-06 21:58 - 2011-11-18 02:38 - 00000000 ___RD () C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 21:51 - 2014-05-06 21:51 - 05199940 ____R (Swearware) C:\Users\PaNic\Desktop\ComboFix.exe
2014-05-06 21:34 - 2012-10-02 00:36 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002UA.job
2014-05-06 20:08 - 2012-03-27 20:21 - 06566400 ___SH () C:\Users\PaNic\Desktop\Thumbs.db
2014-05-06 19:59 - 2011-11-17 20:51 - 00000000 ____D () C:\Users\PaNic\AppData\Local\Paint.NET
2014-05-06 19:06 - 2014-05-06 19:06 - 00039768 _____ () C:\Users\PaNic\Downloads\Adressliste14.xlsx
2014-05-06 19:06 - 2011-11-17 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-06 19:06 - 2011-11-17 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-06 19:06 - 2011-11-17 20:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-06 19:04 - 2014-05-06 19:04 - 00002930 _____ () C:\Users\PaNic\Downloads\FSS.txt
2014-05-06 19:03 - 2014-05-06 19:03 - 00408576 _____ (Farbar) C:\Users\PaNic\Downloads\FSS.exe
2014-05-06 19:01 - 2012-09-25 10:14 - 00000000 ____D () C:\ProgramData\Razoss
2014-05-05 22:55 - 2011-12-16 21:39 - 00000000 ____D () C:\Users\PaNic\Documents\Youcam
2014-05-05 20:55 - 2014-05-05 20:50 - 00000000 ____D () C:\windows\erdnt
2014-05-05 20:54 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 18:34 - 2012-10-02 00:36 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3473657482-3237807048-3479380401-1002Core.job
2014-05-05 18:12 - 2014-05-05 18:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\PaNic\Downloads\tdsskiller.exe
2014-05-04 22:32 - 2014-02-18 12:50 - 00000000 ____D () C:\windows\rescache
2014-05-04 20:25 - 2014-05-04 20:21 - 00000472 _____ () C:\Users\PaNic\Downloads\defogger_disable.log
2014-05-04 20:18 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-04 20:15 - 2014-05-04 20:15 - 00380416 _____ () C:\Users\PaNic\Downloads\Gmer-19357.exe
2014-05-04 20:14 - 2014-05-04 20:13 - 00060503 _____ () C:\Users\PaNic\Desktop\Addition.txt
2014-05-04 20:13 - 2014-05-04 20:13 - 00050477 _____ () C:\Users\PaNic\Downloads\Defogger.exe
2014-05-04 20:13 - 2014-05-04 20:13 - 00000542 _____ () C:\Users\PaNic\Desktop\defogger_disable.log
2014-05-04 20:13 - 2014-05-04 20:13 - 00000168 _____ () C:\Users\PaNic\defogger_reenable
2014-05-04 20:13 - 2011-11-18 02:37 - 00000000 ____D () C:\Users\PaNic
2014-05-04 19:31 - 2014-05-04 19:28 - 00000062 _____ () C:\Users\PaNic\AppData\Local\Tempein.txt
2014-05-04 19:28 - 2014-05-04 19:28 - 00088576 _____ () C:\Users\PaNic\Downloads\IE_Proxy_on_off.exe
2014-05-04 18:49 - 2014-05-04 18:49 - 00000000 ____D () C:\Users\PaNic\AppData\Roaming\DropboxMaster
2014-05-04 18:48 - 2011-11-17 23:15 - 00000000 ____D () C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-04 18:47 - 2014-05-04 18:47 - 00000000 __SHD () C:\Users\PaNic\AppData\Local\EmieUserList
2014-05-04 18:47 - 2014-05-04 18:47 - 00000000 __SHD () C:\Users\PaNic\AppData\Local\EmieSiteList
2014-05-04 18:47 - 2011-11-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-04 18:39 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-05-03 17:54 - 2011-12-15 13:34 - 00000000 ____D () C:\Users\PaNic\AppData\Local\PokerStars.EU
2014-05-03 16:01 - 2014-05-03 16:01 - 00001413 _____ () C:\Users\PaNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-03 09:07 - 2013-11-20 01:07 - 00034415 _____ () C:\windows\IE11_main.log
2014-05-03 09:03 - 2014-05-03 09:03 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-05-03 09:03 - 2014-05-03 09:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-05-03 09:03 - 2014-05-03 09:03 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-05-03 09:03 - 2014-05-03 09:03 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-05-03 09:03 - 2014-05-03 09:03 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-05-03 09:03 - 2014-05-03 09:03 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-05-03 09:03 - 2014-05-03 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-05-03 09:03 - 2014-05-03 09:03 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-05-03 09:03 - 2014-05-03 09:03 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-05-03 09:01 - 2014-05-03 09:00 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de(2).exe
2014-05-02 17:51 - 2014-05-02 17:51 - 00010495 _____ () C:\Users\PaNic\Downloads\PaNikTr_elster_2048.pfx
2014-04-29 16:01 - 2014-05-05 23:50 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-05 23:50 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-05 23:50 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-05 23:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-28 23:26 - 2012-04-03 23:29 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 23:26 - 2012-04-03 23:29 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 23:26 - 2011-11-17 20:07 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-24 18:59 - 2012-07-02 20:47 - 00000000 ____D () C:\Users\PaNic\AppData\Local\Akamai
2014-04-23 10:45 - 2011-11-17 20:16 - 00000000 ____D () C:\Users\PaNic\AppData\Local\Adobe
2014-04-22 21:06 - 2011-12-18 00:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 20:23 - 2013-03-21 14:53 - 00000000 ____D () C:\Users\PaNic\Documents\Outlook-Dateien
2014-04-18 22:22 - 2014-04-18 22:20 - 00004317 _____ () C:\windows\IE9_main.log
2014-04-17 17:25 - 2014-04-17 17:24 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de(1).exe
2014-04-17 17:24 - 2014-04-17 17:23 - 37059280 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-04-15 13:35 - 2014-04-15 13:35 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-04-12 09:29 - 2014-04-12 09:29 - 00032157 _____ () C:\Users\PaNic\Downloads\Helferplan.xlsx
2014-04-09 19:11 - 2013-08-14 00:08 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 19:09 - 2011-11-17 21:40 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 18:38 - 2014-04-09 18:37 - 63320784 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-04-09 18:29 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-09 17:28 - 2012-07-02 13:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-09 17:26 - 2014-04-09 17:26 - 02077392 _____ (Microsoft Corporation) C:\Users\PaNic\Downloads\IE11-Windows6.1.exe
2014-04-08 21:37 - 2014-04-08 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-08 21:37 - 2014-04-08 21:36 - 00006631 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-08 21:36 - 2014-04-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-08 21:32 - 2014-04-08 21:31 - 00000000 ___HD () C:\windows\AxInstSV

Some content of TEMP:
====================
C:\Users\PaNic\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmioiyl.dll
C:\Users\PaNic\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 21:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.05.2014
Suchlauf-Zeit: 22:59:27
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.05.06.10
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: PaNic

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313713
Verstrichene Zeit: 10 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [f83ac8860b70fc3a1368f5b1a1625fa1], 
PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRST, In Quarantäne, [69c92529176487af09607fff0af8d927], 

Registrierungswerte: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {245E2AD8-8903-4FFD-8977-ABE4C65F1D55}, In Quarantäne, [f83ac8860b70fc3a1368f5b1a1625fa1]
PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRST|ImagePath, C:\Program Files (x86)\WinRST\WinRST.exe, In Quarantäne, [69c92529176487af09607fff0af8d927]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com, In Quarantäne, [af8392bc47343105d6dc2049a16158a8], 
PUP.Optional.PriceGong.A, C:\Users\PaNic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [70c2cd8129525dd9ff12f87649b96a96], 

Dateien: 2
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com\IlemiTVApp.exe, In Quarantäne, [af8392bc47343105d6dc2049a16158a8], 
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com\uninst.exe, In Quarantäne, [af8392bc47343105d6dc2049a16158a8], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Also ich kann zwar noch nix genaues sagen, aber zumindest scheint es so, als würde es tatsächlich nicht mehr passieren ...

Kannst du mal sagen, was genau jetzt passiert ist oder du erkannt hast?

Antwort

Themen zu Proxy-Trojaner finden und bekämpfen
bekämpfen, bekämpfung, benötige, einstellungen, gen, hilfe, internet explorer, proxy, troja, trojaner, trojaners, ändert



Ähnliche Themen: Proxy-Trojaner finden und bekämpfen


  1. Samsung Monte will Proxy-Passwort, aber kein Proxy installiert
    Smartphone, Tablet & Handy Security - 16.06.2014 (2)
  2. GVU-Trojaner bekämpfen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2013 (20)
  3. GVU Trojaner, Virenscanner finden nichts
    Plagegeister aller Art und deren Bekämpfung - 05.06.2013 (16)
  4. Trojaner TR/FakeAV.Aus.2 (=cmhptmyxb.exe) wie bekämpfen?
    Log-Analyse und Auswertung - 27.11.2012 (1)
  5. ----GVU-Trojaner v2.04---- Windows 7 64 Bit Trojaner bekämpfen.
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. bundespolizei trojaner übereste finden
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (21)
  7. Trojaner zu bekämpfen, weiß nicht weiter...
    Plagegeister aller Art und deren Bekämpfung - 12.02.2011 (1)
  8. 20-TAN-Trojaner / Scanner finden nichts
    Log-Analyse und Auswertung - 11.10.2010 (9)
  9. Massig Trojaner auf einem anderen Benutzerkonto!...Wie kann ich sie bekämpfen?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (1)
  10. Wie kann man mehere Trojaner vom Webspace bekämpfen lassen?
    Überwachung, Datenschutz und Spam - 16.01.2010 (1)
  11. Trojaner hier zu finden ?
    Mülltonne - 24.08.2008 (1)
  12. Trojaner bekämpfen/entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 24.05.2008 (2)
  13. Kann den Trojaner nicht finden
    Plagegeister aller Art und deren Bekämpfung - 28.10.2007 (10)
  14. Wie kann ich Trojaner bekämpfen?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2005 (19)
  15. Trojaner im Netzwerk finden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2004 (2)
  16. email trojaner finden...
    Plagegeister aller Art und deren Bekämpfung - 02.07.2004 (4)

Zum Thema Proxy-Trojaner finden und bekämpfen - Hallo, ih benötige eure Hilfe bei der aufspürung und Bekämpfung eines Trojaners, der meine Proxy Einstellungen eigenständig ändert und somit meinen IE lahmlegt. Danke :-) - Proxy-Trojaner finden und bekämpfen...
Archiv
Du betrachtest: Proxy-Trojaner finden und bekämpfen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.