
Pests of all kinds and how to fight them: Win7: Online banking, suspected Tatanga trojan

18.05.2014, 01:42   #1
joanbaez123
 

Win7: Online banking, suspected Tatanga trojan



Hello,
today I noticed a problem with online banking. Instead of the usual user interface, a message "Zu Ihrer Sicherheit" ("For your security") appeared; a screenshot of it is attached. I googled a bit and assume that it is the Tatanga trojan. Unfortunately I cannot reinstall Windows on the PC right now, because I won't have time for that for about another month. Until then I would like to at least contain the trojan or remove it completely, if that is possible. Unfortunately I was a bit nervous about the whole thing, so I did not quite follow the order of the instructions. I used Malwarebytes first, FRST and defogger later. Unfortunately GMER did not work. I am attaching all logs.

Maybe something can be done, many thanks in advance!

Edit:
Here are the logs again as code:

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by User at 2014-05-18 01:08:20
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\2K6D14IT
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.2 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Ashampoo Burning Studio 6 FREE (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.5 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version:  - Microsoft)
Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Image to PDF Converter Free 5.0 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version:  - PDFArea Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox (3.6) (HKLM-x32\...\Mozilla Firefox (3.6)) (Version: 3.6 (de) - Mozilla)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyBib eRoom - Browser (HKCU\...\MyBib eRoom - Browser) (Version:  - ImageWare Components GmbH)
NVIDIA 3D Vision Controller-Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0904 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0904 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0904 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1033 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.33 (Version: 310.33 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Partition Wizard Home Edition 5.0 (HKLM-x32\...\{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1) (Version:  - MT Solution Ltd.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.0 - )
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Soldat 1.6.0 (HKLM-x32\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski)
Soldat 1.6.1 (HKLM-x32\...\Soldat patch 1.6.0-1.6.1_is1) (Version: 1.6.1 - Michal Marcinkowski)
Soldat 1.6.2 (HKLM-x32\...\Soldat patch 1.6.1-1.6.2_is1) (Version: 1.6.2 - Michal Marcinkowski)
Soldat 1.6.5 (HKLM-x32\...\Soldat_is1) (Version: 1.6.5 - Michal Marcinkowski)
Soldat 1.6.6 (HKLM-x32\...\Soldat_SBS_1_is1) (Version: 1.6.6 - Michal Marcinkowski)
Soldat 1.6.7 (HKLM-x32\...\Soldat_SBS_2_is1) (Version: 1.6.7 - Michal Marcinkowski)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewLit 4.2 - Professional (XP) (HKLM-x32\...\ViewLit 4.2 - Professional (XP)) (Version:  - )
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.7.4 - Shark007)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13482418-1CD9-4E4A-9F62-527418C94776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {57AD9D90-3E05-4283-9C16-895DDFCFE472} - \WPD\SqmUpload_S-1-5-21-1947255758-76080904-1852359020-1000 No Task File <==== ATTENTION
Task: {58A0546E-421E-4E80-AC19-3834F9C56831} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {59503A72-11C4-444B-96BF-ADA3E5A1564F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {7AAB3D0C-9580-411B-B288-E2AC15FAF73D} - System32\Tasks\{A766BB37-B80D-4272-9C69-C49601C9D541} => I:\SETUP\SETUP.EXE
Task: {82C7FD85-93D7-4C64-9747-79C66CFEE79D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {8604E4FE-830A-46B8-9689-1A4BE72B50D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {87C07F41-E089-4194-9C3B-6F5758D0D0C0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8AB071C9-7CD7-46C9-BBD1-32990E72EC3C} - System32\Tasks\{878A5E12-7BF9-492E-B8D5-E28411D3EC31} => I:\SETUP\SETUP.EXE
Task: {BEEA351F-B48C-4618-8DFD-3BBFE789F82F} - System32\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-12-04 11:47 - 2012-10-20 02:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-04-04 20:48 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-18 00:54 - 2014-05-18 00:54 - 00050477 _____ () C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\M6TKSPVQ\Defogger.exe
2014-05-17 18:49 - 2014-05-17 18:42 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-17 00:42 - 2014-05-17 00:42 - 00800768 _____ () C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () D:\Programme\VPN\vpnapi.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "D:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightShot => C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1c84
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1cac
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1e58
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x18d4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x16ec
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0xeac
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1be0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============
Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/17/2014 06:09:27 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/17/2014 01:14:32 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/17/2014 01:13:52 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/17/2014 01:13:51 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)

Error: (05/15/2014 05:25:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/15/2014 05:25:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/14/2014 08:36:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B801CA65-A1FC-11D0-85AD-444553540000}

Error: (05/10/2014 09:39:40 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1c8401cf71ea6ffce3a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7fb9e0-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1cac01cf71ea70017780C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7818c0-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1e5801cf71ea6dc2d220C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac507dd0-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18d401cf71ea6dbcb7a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac313600-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f16ec01cf71ea6bb13030C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllaa42ac70-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94feac01cf71ea5dedef10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dlla1502d40-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18dc01cf71ea5de897e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll9e35f4f0-dddd-11e3-9e75-003018aa9203

Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1be001cf71ea581755e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll96633da0-dddd-11e3-9e75-003018aa9203
         
defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:55 on 18/05/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Extras
Code:
OTL Extras logfile created on: 18.05.2014 00:49:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 48,97% Memory free
14,00 Gb Paging File | 11,52 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,90 Gb Free Space | 12,08% Space Free | Partition Type: NTFS
Drive D: | 231,10 Gb Total Space | 45,77 Gb Free Space | 19,81% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 49,00 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive J: | 185,49 Gb Total Space | 0,69 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E81EC-D289-46F6-B805-FA8A4DE1CA06}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0D83C0E2-1075-4E6B-BA72-D2DD6C105901}" = lport=139 | protocol=6 | dir=in | app=system | 
"{125EB100-D88C-438A-B089-67BFE50EC068}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{35CBF5BC-A7A1-42BA-90AB-A132B21A2C1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{41A02784-8F4E-4E53-AD46-4C4104044D9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F3FCA98-CE3A-4001-8AB2-9BFE3A41ABA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{565544EE-1BF4-4D15-9598-849413C21FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5BB8E3CB-6F33-4C1D-A557-929897A6B428}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65F32C58-021C-4B6A-B017-DC020E70281D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{901C8ED3-CA75-4873-A7AE-9AAB7F58785F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{932C5659-3817-4BF3-980E-90C5AAE550E5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{93D1FADD-DBED-4251-9008-89A1B0110775}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{98346EDA-B67E-4225-AFB0-D6210242D5EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{99DEC30B-7FA9-4EF7-BD16-DA856C20052A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F0D5C10-E5B1-4A93-8C6C-E739F72A687D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B845C37B-921E-4D72-89FA-C2649FA45A0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC95B378-B3AA-4469-B9CD-F10B44F10318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BFC9FC44-531A-40D2-8DB8-A384DF13E2F6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C1DFB31B-AA36-4D31-8B13-37152CE6D3FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C967E072-DBE5-4FAD-8050-FBA57E678F7C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CE9085E9-B745-48AD-A4B2-F89FA2426C41}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D04F1EC1-8C44-4F1C-82F8-3D2823EE8E38}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F484A671-AE52-4F4B-AE50-0497D9C2BEE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F606942E-BB33-4E17-942A-0F2218849B8C}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0419CFEA-9373-4044-B269-08349CF3A2D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0B866B04-8A06-42A5-9281-24F728A76CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F8665F1-7E41-4E73-98F4-C080BBCF29DB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{11126220-D90C-4617-AC75-AFB2E9240BCF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2277737C-F614-44D8-B434-3E7CC657F8CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{22D53A85-3086-4C15-9364-3266D37CBEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{388F1C7A-D27C-4066-A9FC-9E3C3F1BDD22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{38CD7D68-0BDA-4F2D-9106-B32BB55075E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{411743EB-5F38-483A-BF07-819D695A1BB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{432041C6-1E34-42FB-8EF9-7910D9F2119F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4968856C-8BEA-430B-A4FD-7A7EA2A08D70}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4B7A0B8E-5495-4B7B-8EEC-81F0D9D06191}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{688944FF-3834-4F44-8117-EAA31134FB94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{68F8BDE2-C0C6-4F3B-A82C-C21759DDE322}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A8C58E0-2018-4CA1-886A-35D5F0383894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7177E156-D805-4133-AA16-7C229FA9CC01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7543BC1B-EAFB-47C4-9ABB-BFCFCB9E1040}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EE4E6EC-BADB-4B8F-9097-AA54DC077BE5}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F922B30-D871-4620-AC21-FE9CCC8D954C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D344606-2ABE-46E0-8E1F-F0348BC24D49}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{8E6B09B8-7441-4E5D-8FD4-8D704CC8FEC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F06071C-E197-41D0-B7D0-D2AC2A0455B8}" = protocol=6 | dir=out | app=system | 
"{92E088E3-4601-4E6B-9D3C-1653629E089B}" = protocol=58 | dir=in | app=system | 
"{97929470-7A65-4086-9BD6-C99A82A1C3E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{99406921-07C9-48CC-97CE-59D270DC744E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C437EB8-8B57-49EC-817E-964953D98204}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{9F8EDB5B-A93F-4EA2-8DAB-E18879A7D5F8}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{A9423809-72BF-48B1-8F2E-6622E96A6D2C}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{A99E846B-E1BD-41E4-9738-0E16710D86D1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B33765B1-A1DB-42F4-BEAF-053803CEA2AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B67BB717-FEC0-4FA3-B710-58AF29E3505F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB46C311-3341-433D-A878-F4FCF50357E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF91B95F-E6BF-4ECA-9D2B-40026EAEEB2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C18367DE-919C-4B45-AEDA-86983D9814A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1BCA577-5950-49CA-908A-4DE317D5CCE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D95532DE-B6C7-479F-97A6-F643BF018412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDD2988A-BD61-4CA3-B753-BC6A1E26FCBF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{EA124538-A1A3-4745-9EC9-E1156BDD28AD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EAE9EDC5-B392-44E5-875A-4A6079457426}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED762F8F-AAE3-4285-BD9A-C367BB7DF0F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EED7450F-1633-4D26-B565-963A6F91247C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{0165F1EB-C463-44CD-A778-97D509CED927}D:\programme\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programme\firefox\plugin-container.exe | 
"TCP Query User{0AC4C717-6432-45FE-8529-BE4EC64578B2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{0C4192CF-2E82-44D3-849C-D98A2A510213}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{0D413568-2045-48EF-864F-862D5B6B947F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{1D649423-20B7-4458-839B-8E361332A36D}C:\program files (x86)\torenkey\torenkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe | 
"TCP Query User{241B9665-F8EC-4428-A182-B45B002551B1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{249B2F0D-8813-4848-BEC3-2532445ED05F}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{340F2487-F216-44F1-9D02-B2CF60B5EDB1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{3BA45901-FA86-4EED-A50B-F83BA6A0FA4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{4AA134D7-337A-41CA-A8AB-9CCA71068F19}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"TCP Query User{4CD33D35-A705-43EA-AA6C-6C0211C90EE7}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe | 
"TCP Query User{4E5C42D9-C55F-41DF-8C8C-AC85B34CB604}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe | 
"TCP Query User{5151431A-A7AF-4DF8-8752-1002EE9AAD7A}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | 
"TCP Query User{5205A9F7-035C-4719-9E92-D7A32418C906}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | 
"TCP Query User{55E5BEDA-CCC2-40D0-9602-5A1742C1CAA5}C:\users\user\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user\mirc\mirc.exe | 
"TCP Query User{60FED22C-A783-4A2B-BCF7-B6D93577BE0E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"TCP Query User{6664BCE2-F37A-4B3F-82E8-22E5C7754D0F}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe | 
"TCP Query User{6A1AD51F-8741-4459-BFED-5D6823C2AF14}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{84C18C3F-106E-44D6-9565-A60A207A4E97}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{85A97E13-7DA0-461C-A5A7-8B014D03F03F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{9896FC9D-F5C5-4BC4-B60E-E3381B5591C2}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe | 
"TCP Query User{B8515BBE-1921-4D56-BCDC-131360CC696D}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{B90964B6-479A-47CE-85D9-99563A4C09DD}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe | 
"TCP Query User{C71D515F-20AE-474A-8629-1149AF83298D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe | 
"TCP Query User{C84F5EF7-3C95-4E6A-A4A9-9B38CA683878}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | 
"TCP Query User{D7988606-C4C6-45DD-8585-0D2B4DA104EC}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe | 
"TCP Query User{D822A292-03F5-4D5E-B6E4-2B82FEF8EEF9}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe | 
"TCP Query User{EA5EEC5B-80BA-4976-8AE8-493AD6170981}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{ED1E941B-DB05-4E5E-BCF3-C2C87CC2FE7F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0D6C98F4-A712-497A-BC01-2C62C250AA3D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe | 
"UDP Query User{27F7F3DC-5D8F-436D-9A59-C5FF109A27CB}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe | 
"UDP Query User{28F972EE-7C1D-4DF7-B03C-38CA35054AC9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{302DD6A7-E8D3-421A-9E78-5DC648C5127D}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe | 
"UDP Query User{3A056C08-15E3-4C65-8AA8-C68195CA9C06}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3DB54B3B-35CB-4757-9F87-7EADE14C406C}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | 
"UDP Query User{437288A0-BEA7-45E8-9BA7-A59D92942AAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5533D2CA-223A-49F8-B78C-28F4CA8A18D8}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe | 
"UDP Query User{560D6343-27BA-49EB-83C1-1CD1A9ED8BC0}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe | 
"UDP Query User{5A534F2F-5E1B-4F09-AB2D-533FE559345F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{5CE7938C-AAF1-4F00-AD28-FDE7AAEC0599}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{61E6A13A-567E-4BE3-89FA-CF7AAF8D4C53}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | 
"UDP Query User{7116E217-DC44-4939-8AFB-9283C3F0A5A8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{7183E553-5A10-4BDB-9AD7-A99D1287E05F}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | 
"UDP Query User{7A6C237F-DC4B-4493-BCB4-F569FCDF86E0}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{7EEEB3E0-9F1B-445C-92AB-75D6ABF01546}C:\program files (x86)\torenkey\torenkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe | 
"UDP Query User{8BFA0F8C-EC0C-44D1-9EA1-517576EB9B6A}D:\programme\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programme\firefox\plugin-container.exe | 
"UDP Query User{931F17DD-56CC-43C1-883D-82CFB1697F87}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{93372FD7-0D56-40A1-939D-9C195EB58044}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe | 
"UDP Query User{A22E8B1A-D3A4-49C8-9565-CA3AB1B987C9}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe | 
"UDP Query User{B2016EF2-5384-45A8-B018-8DA46E7E3B26}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{B3CAFD8A-90D0-4AD3-B702-3161CB34CAD0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{B866ADF4-C917-406C-B297-361D4E7FDFF2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{C5967698-3DFE-4121-BA81-6F733501B177}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{D56180ED-1128-4C3E-B85D-4A61D39A82EA}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{DAA59556-1940-496F-A945-FECFE288B9F6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{E11CFED9-8743-468A-9CD0-02EB66847DC8}C:\users\user\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user\mirc\mirc.exe | 
"UDP Query User{FC850FF7-7865-49E7-99DF-0F82641A8956}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe | 
"UDP Query User{FEF806CD-5D5A-4D4B-8CFF-183FDCE96D3C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0904
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinDjView" = WinDjView 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.10) - Deutsch
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C963C417-CFE3-4950-8B83-466AED0C1599}" = NVIDIA PhysX
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"Fraps" = Fraps
"GENEUIDE" = USB Storage Driver
"Image to PDF Converter Free_is1" = Image to PDF Converter Free 5.0
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de)
"Mozilla Thunderbird 24.5.0 (x86 de)" = Mozilla Thunderbird 24.5.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Soldat patch 1.5.0-1.6.0_is1" = Soldat 1.6.0
"Soldat patch 1.6.0-1.6.1_is1" = Soldat 1.6.1
"Soldat patch 1.6.1-1.6.2_is1" = Soldat 1.6.2
"Soldat_is1" = Soldat 1.6.5
"Soldat_SBS_1_is1" = Soldat 1.6.6
"Soldat_SBS_2_is1" = Soldat 1.6.7
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"ViewLit 4.2 - Professional (XP)" = ViewLit 4.2 - Professional (XP)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyBib eRoom - Browser" = MyBib eRoom - Browser
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2014 12:09:14 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x1be0  Startzeit der fehlerhaften Anwendung: 0x01cf71ea581755e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: 96633da0-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x18dc  Startzeit der fehlerhaften Anwendung: 0x01cf71ea5de897e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: 9e35f4f0-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:32 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0xeac  Startzeit der fehlerhaften Anwendung: 0x01cf71ea5dedef10  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: a1502d40-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x16ec  Startzeit der fehlerhaften Anwendung: 0x01cf71ea6bb13030  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: aa42ac70-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x18d4  Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dbcb7a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: ac313600-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x1e58  Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dc2d220  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: ac507dd0-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x1cac  Startzeit der fehlerhaften Anwendung: 0x01cf71ea70017780  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: ae7818c0-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
 Zeitstempel: 0x51207618  Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
 Zeitstempel: 0x512077b6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e94f  ID des fehlerhaften
 Prozesses: 0x1c84  Startzeit der fehlerhaften Anwendung: 0x01cf71ea6ffce3a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll  Berichtskennung: ae7fb9e0-dddd-11e3-9e75-003018aa9203
 
Error - 17.05.2014 12:15:55 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 17.05.2014 12:34:15 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 10.05.2014 15:39:40 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 14.05.2014 14:36:00 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.05.2014 11:25:41 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 15.05.2014 11:25:44 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 17.05.2014 07:13:51 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.05.2014 07:13:52 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.05.2014 07:14:32 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Thumbnails of attached images
Win7: Online-Banking, Verdacht auf Tatanga Trojaner-18.30-17.5.2014.jpg
Attached files
File type: txt Addition.txt (36.1 KB, viewed 179 times)
File type: log defogger_disable.log (580 bytes, viewed 99 times)
File type: txt Extras.Txt (90.4 KB, viewed 112 times)
File type: txt FRST_18-05-2014_01-08-52.txt (64.0 KB, viewed 128 times)
File type: txt mbam.txt (3.4 KB, viewed 118 times)

Edited by joanbaez123 (18.05.2014 at 02:42)

18.05.2014, 02:44   #2
joanbaez123
 



FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by User (administrator) on USER-PC on 18-05-2014 01:07:18
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\2K6D14IT
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Cisco Systems, Inc.) D:\Programme\VPN\cvpnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\M6TKSPVQ\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-05-17] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [Eptjtion] => regsvr32.exe C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll <===== ATTENTION
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [yaeldet] => regsvr32.exe "C:\ProgramData\yaeldet.dat"

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.uni-greifswald.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0814DC5AB08CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {85725DBC-135C-49B5-A699-7C3871A0434B} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default
FF Homepage: www.gmx.de
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.uni-greifswald.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy.uni-greifswald.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.uni-greifswald.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.uni-greifswald.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.uni-greifswald.de"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\ich@maltegoetz.de [2014-01-28]
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: Basic Slideshow Theme - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{7AEEB28A-EA4E-C605-89D8-027734C5C0AA} [2014-05-17]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-05]
FF Extension: flashget3 Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2011-01-02]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-09]
FF Extension: Skype Wizard Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{1a796508-0ef4-4a59-afee-c762898d2b6e}.xpi [2013-11-14]
FF Extension: {a8630f62-3269-4ea7-981b-78e22f908985} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{a8630f62-3269-4ea7-981b-78e22f908985}.xpi [2013-11-11]
FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-02]
FF Extension: Greasemonkey - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-16]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.gmx.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll ()
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Picasa) - D:\Programme\Picasa\Picasa3\npPicasa3.dll No File
CHR Extension: (Basic Slideshow Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-17]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-05-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-05-17] (Avira Operations GmbH & Co. KG)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
R2 CVPND; D:\Programme\VPN\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-05-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-05-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 pbfilter; D:\Programme\PeerBlock\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
R4 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-06-16] ()
U3 ae89ru5l; C:\Windows\System32\Drivers\ae89ru5l.sys [0 ] (NVIDIA Corporation)
S1 enlkzanf; \??\C:\Windows\system32\drivers\enlkzanf.sys [X]
S1 imrufzce; \??\C:\Windows\system32\drivers\imrufzce.sys [X]
S1 lnukaata; \??\C:\Windows\system32\drivers\lnukaata.sys [X]
S1 mpahzbae; \??\C:\Windows\system32\drivers\mpahzbae.sys [X]
S1 nxdrikra; \??\C:\Windows\system32\drivers\nxdrikra.sys [X]
S1 qezegowc; \??\C:\Windows\system32\drivers\qezegowc.sys [X]
S1 tymtzgpo; \??\C:\Windows\system32\drivers\tymtzgpo.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 01:07 - 2014-05-18 01:07 - 00000000 ____D () C:\FRST
2014-05-18 00:59 - 2014-05-18 00:59 - 00092546 _____ () C:\Users\User\Desktop\Extras.Txt
2014-05-18 00:58 - 2014-05-18 00:58 - 00126162 _____ () C:\Users\User\Desktop\OTL.Txt
2014-05-18 00:55 - 2014-05-18 00:55 - 00000580 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-18 00:48 - 2014-05-18 00:48 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-05-17 21:32 - 2014-05-17 21:32 - 00003506 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 21:10 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 21:10 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-17 18:49 - 2014-05-17 18:42 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-17 18:49 - 2014-05-17 18:42 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-17 18:49 - 2014-05-17 18:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 18:41 - 2014-05-17 18:45 - 00000000 ____D () C:\AdwCleaner
2014-05-17 18:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:14 - 2014-05-17 18:20 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-17 00:41 - 2014-05-17 00:42 - 00000000 ____D () C:\Users\User\AppData\Local\Eptjtion
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-03 19:59 - 2014-05-04 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-26 20:58 - 2014-04-26 21:15 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 20:58 - 2014-04-26 21:14 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
2014-04-21 13:14 - 2014-04-21 13:14 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 13:14 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 13:14 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 13:14 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 13:14 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2014-05-18 01:07 - 2014-05-18 01:07 - 00000000 ____D () C:\FRST
2014-05-18 01:02 - 2013-02-17 07:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
2014-05-18 00:59 - 2014-05-18 00:59 - 00092546 _____ () C:\Users\User\Desktop\Extras.Txt
2014-05-18 00:58 - 2014-05-18 00:58 - 00126162 _____ () C:\Users\User\Desktop\OTL.Txt
2014-05-18 00:55 - 2014-05-18 00:55 - 00000580 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-18 00:48 - 2014-05-18 00:48 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-05-17 23:22 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
2014-05-17 22:31 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 22:31 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 22:28 - 2009-07-14 19:58 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 22:28 - 2009-07-14 19:58 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 22:28 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 22:27 - 2010-04-04 19:40 - 01609112 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 22:23 - 2013-01-20 20:48 - 00058156 _____ () C:\Windows\error.log
2014-05-17 22:23 - 2013-01-20 20:48 - 00013132 _____ () C:\Windows\errord.log
2014-05-17 22:23 - 2012-12-04 11:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-17 22:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 22:23 - 2009-07-14 06:51 - 00126017 _____ () C:\Windows\setupact.log
2014-05-17 21:56 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-05-17 21:36 - 2010-04-04 18:48 - 00170600 _____ () C:\Windows\PFRO.log
2014-05-17 21:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-05-17 21:32 - 2014-05-17 21:32 - 00003506 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-17 18:45 - 2014-05-17 18:41 - 00000000 ____D () C:\AdwCleaner
2014-05-17 18:45 - 2010-08-09 05:06 - 00000000 ____D () C:\Users\User\AppData\Local\Last.fm
2014-05-17 18:42 - 2014-05-17 18:49 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-17 18:42 - 2014-05-17 18:49 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-17 18:42 - 2014-05-17 18:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:24 - 2010-06-09 13:59 - 00001421 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-17 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 18:20 - 2014-05-17 18:14 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:12 - 2012-04-03 13:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 18:12 - 2011-05-18 10:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 18:10 - 2010-06-10 22:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-05-17 15:02 - 2013-02-17 07:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
2014-05-17 00:42 - 2014-05-17 00:41 - 00000000 ____D () C:\Users\User\AppData\Local\Eptjtion
2014-05-14 20:36 - 2011-09-11 02:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-11 18:49 - 2013-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 17:31 - 2014-05-11 17:31 - 00000000 ____D () C:\Users\User\Desktop\La Sera - Hour of the Dawn (2014)
2014-05-11 16:41 - 2013-03-07 23:31 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 01:33 - 2013-05-29 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-09 14:57 - 2013-02-17 07:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA
2014-05-09 14:57 - 2013-02-17 07:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core
2014-05-08 13:08 - 2013-10-27 22:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\mIRC
2014-05-04 12:36 - 2014-05-03 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 02:34 - 2010-06-13 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldat
2014-04-26 21:15 - 2014-04-26 20:58 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 21:14 - 2014-04-26 20:58 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
2014-04-22 00:43 - 2010-06-11 15:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-04-21 13:24 - 2013-10-16 13:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 13:14 - 2014-04-21 13:14 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 13:14 - 2010-06-13 17:03 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\7z920.exe
C:\Users\User\AppData\Local\Temp\ApnIC.dll
C:\Users\User\AppData\Local\Temp\ApnStub.exe
C:\Users\User\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\bi_cleaner.exe
C:\Users\User\AppData\Local\Temp\DivXSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\Last.fm-2.1.30.exe
C:\Users\User\AppData\Local\Temp\mirc732.exe
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\utt3C7B.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 18:53

==================== End Of Log ============================
         


18.05.2014, 02:44   #3
joanbaez123



OTL
Code:
OTL logfile created on: 18.05.2014 00:49:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 48,97% Memory free
14,00 Gb Paging File | 11,52 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,90 Gb Free Space | 12,08% Space Free | Partition Type: NTFS
Drive D: | 231,10 Gb Total Space | 45,77 Gb Free Space | 19,81% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 49,00 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive J: | 185,49 Gb Total Space | 0,69 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\VPN\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CVPND) -- D:\Programme\VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (pbfilter) -- D:\Programme\PeerBlock\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 81 4D C5 AB 08 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3EFFE33F-8F6C-41F2-872F-DF0C602DD436}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3EFFE33F-8F6C-41F2-872F-DF0C602DD436}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{85725DBC-135C-49B5-A699-7C3871A0434B}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uni-greifswald.de:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "proxy.uni-greifswald.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.uni-greifswald.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.uni-greifswald.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.uni-greifswald.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.uni-greifswald.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: D:\Programme\Firefox\components [2014.05.05 16:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins [2014.05.14 20:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 23:51:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.14 20:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.05.03 19:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.05.03 19:59:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.10.16 21:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014.05.17 00:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions
[2013.12.07 19:58:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2014.05.17 00:41:54 | 000,000,000 | ---D | M] (Basic Slideshow Theme) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{7AEEB28A-EA4E-C605-89D8-027734C5C0AA}
[2014.05.05 23:08:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.02 22:42:47 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2014.01.28 02:46:27 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\ich@maltegoetz.de
[2014.05.05 16:07:39 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\youtubeunblocker@unblocker.yt
[2014.03.18 05:06:36 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.11.14 21:55:02 | 000,202,703 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{1a796508-0ef4-4a59-afee-c762898d2b6e}.xpi
[2013.11.11 05:26:05 | 000,022,189 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{a8630f62-3269-4ea7-981b-78e22f908985}.xpi
[2014.05.05 16:07:41 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014.03.18 05:06:36 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.03.24 11:38:12 | 000,057,418 | ---- | M] (flashget) (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
[2008.10.17 11:03:56 | 000,000,205 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt
[2010.08.16 00:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.13 17:04:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 00:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = D:\Programme\Picasa\Picasa3\npPicasa3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Basic Slideshow Theme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\6.0.2\
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKCU..\Run: [Eptjtion] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [yaeldet] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12362E1A-8D07-471B-B4C2-CDB778191330}: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{202FA234-ED96-4911-8C38-CAB428F25663}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BEC2AC-6020-4B84-A852-664529CA3477}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.27 13:57:40 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.18 00:48:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014.05.17 21:11:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.17 21:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.05.17 21:10:47 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.17 21:10:47 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.17 21:10:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.17 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.05.17 21:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.05.17 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2014.05.17 18:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.05.17 18:49:34 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.05.17 18:49:33 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.05.17 18:49:33 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.05.17 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.05.17 18:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.05.17 18:41:57 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.17 18:41:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.17 18:25:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieUserList
[2014.05.17 18:25:26 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieSiteList
[2014.05.17 18:17:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.05.17 18:17:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014.05.17 18:17:41 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014.05.17 18:17:41 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014.05.17 18:17:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014.05.17 18:17:40 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.05.17 18:17:40 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.05.17 18:17:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014.05.17 18:17:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.05.17 18:17:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014.05.17 18:17:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014.05.17 18:17:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.05.17 18:17:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014.05.17 18:17:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014.05.17 18:17:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.05.17 18:17:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.05.17 18:17:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.05.17 18:17:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014.05.17 18:17:39 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.05.17 18:17:39 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.05.17 18:17:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014.05.17 18:17:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014.05.17 18:17:39 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014.05.17 18:17:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014.05.17 18:17:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.05.17 18:17:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014.05.17 18:17:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014.05.17 18:17:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.17 18:17:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.05.17 18:17:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014.05.17 18:17:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.05.17 18:17:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014.05.17 18:17:38 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014.05.17 18:17:38 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.05.17 18:17:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014.05.17 18:17:38 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.05.17 18:17:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014.05.17 18:17:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.05.17 18:17:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014.05.17 18:17:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014.05.17 18:17:37 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.05.17 18:17:37 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.05.17 18:17:37 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.05.17 18:17:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014.05.17 18:17:37 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014.05.17 18:17:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.05.17 18:17:37 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014.05.17 18:17:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014.05.17 18:17:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014.05.17 18:17:37 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.05.17 18:17:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014.05.17 18:17:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.05.17 18:17:36 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.05.17 18:17:36 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.05.17 18:17:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.05.17 18:17:36 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014.05.17 18:17:36 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.05.17 18:17:36 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.05.17 18:17:36 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.05.17 18:17:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.05.17 18:17:36 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014.05.17 18:17:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014.05.17 18:17:36 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014.05.17 18:17:36 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014.05.17 18:17:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.05.17 18:17:36 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014.05.17 18:17:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.17 18:17:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014.05.17 18:17:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.05.17 18:17:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014.05.17 18:17:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.05.17 18:17:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014.05.17 18:17:35 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.05.17 18:17:35 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014.05.17 18:17:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.05.17 18:17:35 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.05.17 18:17:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.05.17 18:17:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014.05.17 18:17:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014.05.17 18:17:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.05.17 18:16:34 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.05.17 18:16:34 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014.05.17 18:16:34 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014.05.17 18:16:34 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014.05.17 18:16:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014.05.17 18:16:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014.05.17 18:16:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014.05.17 18:16:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014.05.17 18:16:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014.05.17 18:16:33 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.17 18:16:33 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.17 18:16:33 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014.05.17 18:16:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014.05.17 18:16:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014.05.17 18:16:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014.05.17 18:16:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014.05.17 18:16:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014.05.17 18:16:11 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014.05.17 18:15:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014.05.17 18:15:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014.05.17 00:41:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Eptjtion
[2014.05.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Mary Onettes, The - Portico
[2014.05.11 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\La Sera - Hour of the Dawn (2014)
[2014.05.03 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014.04.21 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\PDF Password Remover Output
[2014.04.21 13:14:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.04.21 13:14:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.04.21 13:14:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.04.21 13:14:34 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.18 00:48:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014.05.18 00:02:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
[2014.05.17 23:22:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
[2014.05.17 22:31:43 | 000,026,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.17 22:31:43 | 000,026,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.17 22:28:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.17 22:28:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.17 22:28:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.17 22:28:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.17 22:28:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.17 22:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.17 22:23:30 | 3220,824,064 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.17 21:56:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014.05.17 21:11:24 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.17 18:42:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.05.17 18:42:29 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.05.17 18:42:28 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.05.17 18:35:39 | 000,129,422 | ---- | M] () -- C:\Users\User\Desktop\18.30, 17.5.2014.jpg
[2014.05.17 18:17:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.05.17 18:17:45 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014.05.17 18:17:41 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014.05.17 18:17:41 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014.05.17 18:17:41 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014.05.17 18:17:40 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.05.17 18:17:40 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.05.17 18:17:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014.05.17 18:17:40 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.05.17 18:17:40 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014.05.17 18:17:40 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014.05.17 18:17:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.05.17 18:17:40 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014.05.17 18:17:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014.05.17 18:17:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.05.17 18:17:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.05.17 18:17:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.05.17 18:17:40 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014.05.17 18:17:40 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014.05.17 18:17:39 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.05.17 18:17:39 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.05.17 18:17:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014.05.17 18:17:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014.05.17 18:17:39 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014.05.17 18:17:39 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014.05.17 18:17:39 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.05.17 18:17:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014.05.17 18:17:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014.05.17 18:17:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.17 18:17:39 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.05.17 18:17:39 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014.05.17 18:17:39 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.05.17 18:17:39 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014.05.17 18:17:38 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014.05.17 18:17:38 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.05.17 18:17:38 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014.05.17 18:17:38 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.05.17 18:17:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014.05.17 18:17:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.05.17 18:17:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014.05.17 18:17:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014.05.17 18:17:37 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.05.17 18:17:37 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.05.17 18:17:37 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.05.17 18:17:37 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014.05.17 18:17:37 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014.05.17 18:17:37 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.05.17 18:17:37 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014.05.17 18:17:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014.05.17 18:17:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014.05.17 18:17:37 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.05.17 18:17:37 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014.05.17 18:17:36 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.05.17 18:17:36 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.05.17 18:17:36 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.05.17 18:17:36 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.05.17 18:17:36 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014.05.17 18:17:36 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.05.17 18:17:36 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.05.17 18:17:36 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.05.17 18:17:36 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.05.17 18:17:36 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014.05.17 18:17:36 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014.05.17 18:17:36 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014.05.17 18:17:36 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014.05.17 18:17:36 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.05.17 18:17:36 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014.05.17 18:17:36 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.17 18:17:36 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014.05.17 18:17:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.05.17 18:17:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014.05.17 18:17:36 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.05.17 18:17:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014.05.17 18:17:36 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014.05.17 18:17:35 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.05.17 18:17:35 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014.05.17 18:17:35 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.05.17 18:17:35 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.05.17 18:17:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.05.17 18:17:35 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014.05.17 18:17:35 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014.05.17 18:17:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.05.17 18:16:34 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.05.17 18:16:34 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014.05.17 18:16:34 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014.05.17 18:16:34 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014.05.17 18:16:34 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014.05.17 18:16:34 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014.05.17 18:16:34 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014.05.17 18:16:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014.05.17 18:16:34 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014.05.17 18:16:33 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.17 18:16:33 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.17 18:16:33 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014.05.17 18:16:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014.05.17 18:16:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014.05.17 18:16:33 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014.05.17 18:16:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014.05.17 18:16:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014.05.17 18:16:11 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014.05.17 18:15:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014.05.17 18:15:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014.05.17 18:12:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.17 18:12:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.05.17 15:02:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
[2014.05.05 23:11:22 | 005,812,643 | ---- | M] () -- C:\Users\User\Desktop\uMLzkVY6HCR1.128.mp3
[2014.04.26 21:15:42 | 161,670,431 | ---- | M] () -- C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
[2014.04.26 21:14:42 | 158,733,084 | ---- | M] () -- C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
 
========== Files Created - No Company Name ==========
 
[2014.05.17 18:35:39 | 000,129,422 | ---- | C] () -- C:\Users\User\Desktop\18.30, 17.5.2014.jpg
[2014.05.17 18:17:40 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014.05.17 18:17:36 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014.05.05 23:10:08 | 005,812,643 | ---- | C] () -- C:\Users\User\Desktop\uMLzkVY6HCR1.128.mp3
[2014.04.28 03:08:33 | 004,270,148 | ---- | C] () -- C:\Users\User\Desktop\16.pdf
[2014.04.26 20:58:31 | 158,733,084 | ---- | C] () -- C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
[2014.04.26 20:58:09 | 161,670,431 | ---- | C] () -- C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
[2013.06.06 19:19:49 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Local\UserProducts.xml
[2013.01.20 20:48:17 | 000,000,065 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013.01.20 20:48:14 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013.01.20 20:48:14 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013.01.20 20:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013.01.20 20:48:08 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2012.04.23 02:02:47 | 000,000,837 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2010.10.11 01:08:58 | 000,025,088 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.27 08:18:29 | 000,000,013 | ---- | C] () -- C:\Users\User\cvdm.err
[2010.06.12 22:14:26 | 000,007,602 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 17.05.2014
Scan Time: 21:32:37
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.17.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298789
Time Elapsed: 20 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Ransom.Gend, HKU\S-1-5-21-1947255758-76080904-1852359020-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yaeldet, regsvr32.exe "C:\ProgramData\yaeldet.dat", , [1a64aca6df9c6ccaf9ac5ab0c1406c94]
Backdoor.HMCPol.Gen, HKU\S-1-5-21-1947255758-76080904-1852359020-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU, C:\Windows\system32\install\winsrv, , [b3cba9a9ccaff83ef72967defb08b64a]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691, , [7e009ab8b7c44de9725a4d247c8623dd], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297265, , [9fdfba98e398bf770dbfc0b1f70bc23e], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861, , [4d31a6acf6855dd92aa24829b44ec040], 

Files: 15
Trojan.Ransom.Gend, C:\ProgramData\yaeldet.dat, , [1a64aca6df9c6ccaf9ac5ab0c1406c94], 
Trojan.Zbot, C:\Users\User\AppData\Local\Temp\pmswebprjui.exe, , [bbc355fd1467b6805eae94e8a95808f8], 
PUP.Optional.QuickShare.A, C:\Users\User\AppData\Local\Temp\QuickShare1.exe, , [2658b9994f2cc86e2c0565b9837d7b85], 
PUP.Optional.Delta.A, C:\Users\User\AppData\Local\Temp\DeltaTB.exe, , [344adb772259d75f1adaa26412efbe42], 
PUP.Optional.ScramblePacker.A, C:\Users\User\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe, , [3f3fa5ad502b7db941da7dfe24dd936d], 
PUP.Optional.Somoto.A, C:\Users\User\AppData\Local\Temp\appshat-distribution.exe, , [2a547ad81a6187afdb46879b49b7f010], 
PUP.Optional.MoviesToolBar.A, C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe, , [1f5fde7449322313a5893ce0d9286d93], 
PUP.Optional.Somoto.A, C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe, , [ed917dd5a7d4e74fb7e736d43dc47e82], 
Trojan.FakeMS.SVSGen, C:\Users\User\AppData\Local\Temp\Low\0499.dll, , [dca29bb7eb9079bd3408501955ac7f81], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297265\ism.exe, , [fb83232f87f42610b385809f3bc54fb1], 
Malware.Trace, C:\Users\User\AppData\Roaming\cglogs.dat, , [354972e02a51360048407d4fa75bb14f], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691\chromeid.txt, , [7e009ab8b7c44de9725a4d247c8623dd], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691\setup.ini.txt, , [7e009ab8b7c44de9725a4d247c8623dd], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861\chromeid.txt, , [4d31a6acf6855dd92aa24829b44ec040], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861\setup.ini.txt, , [4d31a6acf6855dd92aa24829b44ec040], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

19.05.2014, 14:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
Hi, that won't work: running several virus scanners such as Avira and MSE in parallel, they get in each other's way.

Uninstall Avira; we haven't recommended it for a long time. Before you throw it out, though, please check its logs to see whether it had any detections. If so, post all the logs for them. See http://www.trojaner-board.de/125889-...tml#post941534

After that we'll see how to proceed.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

19.05.2014, 14:55   #5
joanbaez123

Thanks for the reply, here are the logs from Avira. I'll uninstall it once I get your OK.

Code:
Exportierte Ereignisse:

17.05.2014 21:34 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\yaeldet.dat'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.81288' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b81744.qua' 
      verschoben!

17.05.2014 21:22 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '540b2316.qua' 
      verschoben!

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

17.05.2014 18:57 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\yaeldet.dat'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.81288' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56043b9e.qua' 
      verschoben!
         


19.05.2014, 15:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yep, you can get rid of it now. Restart Windows once it has been uninstalled and then let me know.

19.05.2014, 15:33   #7
joanbaez123

OK, it's gone.

19.05.2014, 15:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


19.05.2014, 17:19   #9
joanbaez123

Ich bekomme Microsoft Security Essentials leider nicht ausgeschaltet, kannst du mir da Tipps geben? Selbst deinstallieren kann ich es nicht, das lässt Windows nicht zu. Ich habe es aus dem Systemstart genommen, es wird jedoch trotzdem geladen. MsMpSvc lässt sich über den Taskmanager auch nicht deaktivieren. Und während MSE läuft, soll Combofix ja nicht genutzt werden.

20.05.2014, 01:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then just go ahead with CF as it is...

20.05.2014, 22:32   #11
joanbaez123

OK, here is the log. CF gave a warning about MSE running.

Code:
ComboFix 14-05-19.01 - User 20.05.2014  22:14:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2795 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\User\AppData\Local\TempDIR
c:\users\User\AppData\Local\TempDIR\PIP2691_NDV2_.exe
G:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-20 bis 2014-05-20  ))))))))))))))))))))))))))))))
.
.
2014-05-19 11:56 . 2014-04-16 10:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC47BB84-A167-46E9-8053-E4F5D7FABB37}\mpengine.dll
2014-05-17 23:07 . 2014-05-17 23:08	--------	d-----w-	C:\FRST
2014-05-17 19:11 . 2014-05-17 19:11	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 19:10 . 2014-05-17 19:10	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 19:10 . 2014-05-17 19:10	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-17 19:10 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-17 19:10 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-17 19:10 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-17 16:41 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-17 16:41 . 2014-05-17 16:45	--------	d-----w-	C:\AdwCleaner
2014-05-17 16:34 . 2014-04-16 10:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-17 16:25 . 2014-05-17 16:25	--------	d-sh--w-	c:\users\User\AppData\Local\EmieUserList
2014-05-17 16:25 . 2014-05-17 16:25	--------	d-sh--w-	c:\users\User\AppData\Local\EmieSiteList
2014-05-17 16:16 . 2014-05-17 16:16	878080	----a-w-	c:\windows\system32\advapi32.dll
2014-05-17 16:15 . 2014-05-17 16:15	1887232	----a-w-	c:\windows\system32\d3d11.dll
2014-05-17 16:15 . 2014-05-17 16:15	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2014-05-16 22:41 . 2014-05-16 22:42	--------	d-----w-	c:\users\User\AppData\Local\Eptjtion
2014-05-16 11:04 . 2014-05-03 10:30	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{936BECF4-F338-4B1D-8BA5-23756E426C39}\gapaengine.dll
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-03 17:59 . 2014-05-04 10:36	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-04-21 11:14 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-17 16:16 . 2014-05-17 16:16	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-05-17 16:12 . 2012-04-03 11:54	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 16:12 . 2011-05-18 08:54	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-03 10:30 . 2011-03-25 21:19	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eptjtion"="c:\users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll" [2014-05-16 800768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 enlkzanf;enlkzanf;c:\windows\system32\drivers\enlkzanf.sys;c:\windows\SYSNATIVE\drivers\enlkzanf.sys [x]
R1 imrufzce;imrufzce;c:\windows\system32\drivers\imrufzce.sys;c:\windows\SYSNATIVE\drivers\imrufzce.sys [x]
R1 lnukaata;lnukaata;c:\windows\system32\drivers\lnukaata.sys;c:\windows\SYSNATIVE\drivers\lnukaata.sys [x]
R1 mpahzbae;mpahzbae;c:\windows\system32\drivers\mpahzbae.sys;c:\windows\SYSNATIVE\drivers\mpahzbae.sys [x]
R1 nxdrikra;nxdrikra;c:\windows\system32\drivers\nxdrikra.sys;c:\windows\SYSNATIVE\drivers\nxdrikra.sys [x]
R1 qezegowc;qezegowc;c:\windows\system32\drivers\qezegowc.sys;c:\windows\SYSNATIVE\drivers\qezegowc.sys [x]
R1 tymtzgpo;tymtzgpo;c:\windows\system32\drivers\tymtzgpo.sys;c:\windows\SYSNATIVE\drivers\tymtzgpo.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
R3 pbfilter;pbfilter;d:\programme\PeerBlock\PeerBlock\pbfilter.sys;d:\programme\PeerBlock\PeerBlock\pbfilter.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17 05:00]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17 05:00]
.
2014-05-20 c:\windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-06-06 11:37]
.
2014-05-20 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-06-06 11:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmx.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.uni-greifswald.de:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: ????3?? - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\
FF - prefs.js: browser.startup.homepage - www.gmx.de
FF - prefs.js: network.proxy.ftp - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 1970-05-30 01:44; {7AEEB28A-EA4E-C605-89D8-027734C5C0AA}; - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-yaeldet - c:\programdata\yaeldet.dat
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-Digitale Bibliothek 4 - e:\digitale bibliothek 4\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D988493C-A82A-5A0E-4BD9-C1E125041A59}*]
"habhjjekahjncddb"=hex:69,61,6d,61,70,69,6c,62,65,67,65,67,62,6d,6f,62,6f,6c,
   00,00
"iahggkdogphhcmpfpm"=hex:69,61,6d,61,70,69,6c,62,65,67,65,67,62,6d,6f,62,6f,6c,
   00,76
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\crypserv.exe
d:\programme\VPN\cvpnd.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-20  22:28:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-20 20:28
.
Vor Suchlauf: 6.510.317.568 Bytes frei
Nach Suchlauf: 7.460.757.504 Bytes frei
.
- - End Of File - - 9D9040687F528AE83ED701511DD84F96
A36C5E4F47E84449FF07ED3517B43A31
         

20.05.2014, 23:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Combofix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    Driver::
    enlkzanf
    imrufzce
    lnukaata
    mpahzbae
    nxdrikra
    qezegowc
    tymtzgpo
    
    Folder::
    c:\users\User\AppData\Local\Eptjtion
    
    File::
    c:\windows\SYSNATIVE\drivers\enlkzanf.sys
    c:\windows\SYSNATIVE\drivers\imrufzce.sys
    c:\windows\SYSNATIVE\drivers\lnukaata.sys
    c:\windows\SYSNATIVE\drivers\mpahzbae.sys
    c:\windows\SYSNATIVE\drivers\nxdrikra.sys
    c:\windows\SYSNATIVE\drivers\qezegowc.sys
    c:\windows\SYSNATIVE\drivers\tymtzgpo.sys
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Eptjtion"=-
             
    If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software. It can get in ComboFix's way while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!
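Added example, not part of the thread and not ComboFix's or the helper's own logic: a Python triage pass over lines from the first ComboFix log above that surfaces, for a human reviewer, the same service and autostart entries the script names. The function name `triage`, the driver-shape rule (eight lowercase letters, display name equal to service name, driver file named after the service, three or more in the same start state) and the autostart rule (a Run value pointing at a DLL under AppData) are assumptions chosen for this log, not general signatures.

```python
import re
from collections import defaultdict

# Lines taken from the first ComboFix log posted in this thread (whitespace
# normalised, unrelated entries omitted). Everything else here is added code.
SAMPLE_LOG = r'''
2014-05-17 23:07 . 2014-05-17 23:08 -------- d-----w- C:\FRST
2014-05-17 16:16 . 2014-05-17 16:16 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-05-16 22:41 . 2014-05-16 22:42 -------- d-----w- c:\users\User\AppData\Local\Eptjtion
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eptjtion"="c:\users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll" [2014-05-16 800768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
R1 enlkzanf;enlkzanf;c:\windows\system32\drivers\enlkzanf.sys;c:\windows\SYSNATIVE\drivers\enlkzanf.sys [x]
R1 imrufzce;imrufzce;c:\windows\system32\drivers\imrufzce.sys;c:\windows\SYSNATIVE\drivers\imrufzce.sys [x]
R1 lnukaata;lnukaata;c:\windows\system32\drivers\lnukaata.sys;c:\windows\SYSNATIVE\drivers\lnukaata.sys [x]
R1 mpahzbae;mpahzbae;c:\windows\system32\drivers\mpahzbae.sys;c:\windows\SYSNATIVE\drivers\mpahzbae.sys [x]
R1 nxdrikra;nxdrikra;c:\windows\system32\drivers\nxdrikra.sys;c:\windows\SYSNATIVE\drivers\nxdrikra.sys [x]
R1 qezegowc;qezegowc;c:\windows\system32\drivers\qezegowc.sys;c:\windows\SYSNATIVE\drivers\qezegowc.sys [x]
R1 tymtzgpo;tymtzgpo;c:\windows\system32\drivers\tymtzgpo.sys;c:\windows\SYSNATIVE\drivers\tymtzgpo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 pbfilter;pbfilter;d:\programme\PeerBlock\PeerBlock\pbfilter.sys;d:\programme\PeerBlock\PeerBlock\pbfilter.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
'''

# "created . modified  size  attributes  path" rows whose attributes mark a directory
CREATED_DIR = re.compile(
    r'^(\d{4}-\d\d-\d\d) \d\d:\d\d \. \S+ \S+\s+\S+\s+d\S*\s+(.+)$')
# "name"="data" registry values (numeric values such as LoadAppInit_DLLs do not match)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
# "<state> name;display;image path;native path [x]" service rows
SERVICE = re.compile(r'^([RS]\d) (.+?)(?: \[x\])?$')


def parse_services(lines):
    """Yield (state, name, display, image, native) for each service row."""
    for line in lines:
        m = SERVICE.match(line)
        if m:
            fields = m.group(2).split(';')
            if len(fields) == 4:
                yield (m.group(1), *fields)


def triage(log_text, min_cluster=3):
    """Return entries worth a manual look; the thresholds are assumptions."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]

    # Directories from the "files created" section, keyed by lower-cased path.
    recent_dirs = {}
    for line in lines:
        m = CREATED_DIR.match(line)
        if m:
            recent_dirs[m.group(2).lower()] = m.group(1)

    # Run values that point at a DLL under AppData, with the creation date of
    # the containing folder when the log lists it as recently created.
    autoruns, key = [], ''
    for line in lines:
        if line.startswith('[HKEY_'):
            key = line.strip('[]').lower()
            continue
        m = RUN_VALUE.match(line)
        if m and key.endswith(r'\currentversion\run'):
            name, target = m.groups()
            low = target.lower()
            if low.endswith('.dll') and '\\appdata\\' in low:
                parent = low.rsplit('\\', 1)[0]
                autoruns.append((name, target, recent_dirs.get(parent)))

    # Services that share the "random driver" shape; only a cluster is reported,
    # a single match is too weak a signal on its own.
    clusters = defaultdict(list)
    for state, name, display, image, _native in parse_services(lines):
        if (re.fullmatch(r'[a-z]{8}', name) and display == name
                and image.lower().endswith('\\drivers\\' + name + '.sys')):
            clusters[state].append(name)
    drivers = sorted(n for names in clusters.values()
                     if len(names) >= min_cluster for n in names)
    return {'drivers': drivers, 'autoruns': autoruns}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('services to review:', ', '.join(result['drivers']))
    for name, target, created in result['autoruns']:
        print(f'autostart to review: {name} -> {target} (folder created {created})')
```

On the sample lines this reports the seven R1 services and the `Eptjtion` Run value, and leaves `pbfilter`, `pwdrvio`, `TsUsbFlt`, `sptd` and the Adobe entry alone.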

22.05.2014, 04:25   #13
joanbaez123

Thanks again for the quick reply, here is the new log. There was again a warning about MSE; an upload window for Suspect and Collect did not appear, but they aren't included in the script anyway.

Code:
ComboFix 14-05-19.01 - User 22.05.2014   3:51.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2776 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\enlkzanf.sys"
"c:\windows\system32\drivers\imrufzce.sys"
"c:\windows\system32\drivers\lnukaata.sys"
"c:\windows\system32\drivers\mpahzbae.sys"
"c:\windows\system32\drivers\nxdrikra.sys"
"c:\windows\system32\drivers\qezegowc.sys"
"c:\windows\system32\drivers\tymtzgpo.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Eptjtion
c:\users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll
c:\users\User\AppData\Local\Eptjtion\AcAxDbTLBres.lck
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_enlkzanf
-------\Service_imrufzce
-------\Service_lnukaata
-------\Service_mpahzbae
-------\Service_nxdrikra
-------\Service_qezegowc
-------\Service_tymtzgpo
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-22 bis 2014-05-22  ))))))))))))))))))))))))))))))
.
.
2014-05-22 02:02 . 2014-05-22 02:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-22 02:02 . 2014-05-22 02:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-20 20:35 . 2014-05-03 10:30	1031560	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80FC9F6C-1807-47C6-98D0-891C5700EFCA}\gapaengine.dll
2014-05-20 20:34 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF8AB93D-9047-4C74-B40D-1768F94B4150}\mpengine.dll
2014-05-19 11:56 . 2014-04-16 10:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-17 23:07 . 2014-05-17 23:08	--------	d-----w-	C:\FRST
2014-05-17 19:11 . 2014-05-17 19:11	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 19:10 . 2014-05-17 19:10	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 19:10 . 2014-05-17 19:10	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-17 19:10 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-17 19:10 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-17 19:10 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-17 16:41 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-17 16:41 . 2014-05-17 16:45	--------	d-----w-	C:\AdwCleaner
2014-05-17 16:25 . 2014-05-17 16:25	--------	d-sh--w-	c:\users\User\AppData\Local\EmieUserList
2014-05-17 16:25 . 2014-05-17 16:25	--------	d-sh--w-	c:\users\User\AppData\Local\EmieSiteList
2014-05-17 16:16 . 2014-05-17 16:16	878080	----a-w-	c:\windows\system32\advapi32.dll
2014-05-17 16:15 . 2014-05-17 16:15	1887232	----a-w-	c:\windows\system32\d3d11.dll
2014-05-17 16:15 . 2014-05-17 16:15	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-03 17:59 . 2014-05-04 10:36	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-17 16:16 . 2014-05-17 16:16	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-05-17 16:12 . 2012-04-03 11:54	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-17 16:12 . 2011-05-18 08:54	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-03 10:30 . 2011-03-25 21:19	1031560	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-14 18:13 . 2014-04-21 11:14	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
R3 pbfilter;pbfilter;d:\programme\PeerBlock\PeerBlock\pbfilter.sys;d:\programme\PeerBlock\PeerBlock\pbfilter.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17 05:00]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17 05:00]
.
2014-05-22 c:\windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-06-06 11:37]
.
2014-05-21 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-06-06 11:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmx.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.uni-greifswald.de:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: ????3?? - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\
FF - prefs.js: browser.startup.homepage - www.gmx.de
FF - prefs.js: network.proxy.ftp - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uni-greifswald.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 1970-05-30 01:44; {7AEEB28A-EA4E-C605-89D8-027734C5C0AA}; - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
AddRemove-Digitale Bibliothek 4 - e:\digitale bibliothek 4\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1947255758-76080904-1852359020-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D988493C-A82A-5A0E-4BD9-C1E125041A59}*]
"habhjjekahjncddb"=hex:69,61,6d,61,70,69,6c,62,65,67,65,67,62,6d,6f,62,6f,6c,
   00,00
"iahggkdogphhcmpfpm"=hex:69,61,6d,61,70,69,6c,62,65,67,65,67,62,6d,6f,62,6f,6c,
   00,76
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\crypserv.exe
d:\programme\VPN\cvpnd.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-22  04:17:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-22 02:17
ComboFix2.txt  2014-05-20 20:28
.
Vor Suchlauf: 7.366.066.176 Bytes frei
Nach Suchlauf: 7.450.312.704 Bytes frei
.
- - End Of File - - DB06A0BDA5B28B9D972523D6076634EA
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 22.05.2014, 09:26   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).


Alt 23.05.2014, 02:11   #15
joanbaez123
 

adwCleaner
Code:
# AdwCleaner v3.210 - Bericht erstellt am 23/05/2014 um 01:47:33
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-105&v=n9602-134&t=4

*************************

AdwCleaner[R0].txt - [6970 octets] - [17/05/2014 18:41:33]
AdwCleaner[R1].txt - [1280 octets] - [23/05/2014 01:45:21]
AdwCleaner[S0].txt - [5848 octets] - [17/05/2014 18:45:27]
AdwCleaner[S1].txt - [1201 octets] - [23/05/2014 01:47:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1261 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 23.05.2014 at  1:51:53,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85725DBC-135C-49B5-A699-7C3871A0434B}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{58847F7E-545F-4F54-A691-E7AD0901A9DF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{9D837A22-290E-49B0-A57B-AC29FE4CC52C}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A60463C8-37B7-44B1-9EF1-1F43FAD57D92}



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2014 at  1:57:44,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by User at 2014-05-23 02:07:05
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.2 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Ashampoo Burning Studio 6 FREE (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.5 - ashampoo GmbH & Co. KG)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version:  - Microsoft)
Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Image to PDF Converter Free 5.0 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version:  - PDFArea Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox (3.6) (HKLM-x32\...\Mozilla Firefox (3.6)) (Version: 3.6 (de) - Mozilla)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyBib eRoom - Browser (HKCU\...\MyBib eRoom - Browser) (Version:  - ImageWare Components GmbH)
NVIDIA 3D Vision Controller-Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0904 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0904 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0904 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1033 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.33 (Version: 310.33 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Partition Wizard Home Edition 5.0 (HKLM-x32\...\{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1) (Version:  - MT Solution Ltd.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.0 - )
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Soldat 1.6.0 (HKLM-x32\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski)
Soldat 1.6.1 (HKLM-x32\...\Soldat patch 1.6.0-1.6.1_is1) (Version: 1.6.1 - Michal Marcinkowski)
Soldat 1.6.2 (HKLM-x32\...\Soldat patch 1.6.1-1.6.2_is1) (Version: 1.6.2 - Michal Marcinkowski)
Soldat 1.6.5 (HKLM-x32\...\Soldat_is1) (Version: 1.6.5 - Michal Marcinkowski)
Soldat 1.6.6 (HKLM-x32\...\Soldat_SBS_1_is1) (Version: 1.6.6 - Michal Marcinkowski)
Soldat 1.6.7 (HKLM-x32\...\Soldat_SBS_2_is1) (Version: 1.6.7 - Michal Marcinkowski)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewLit 4.2 - Professional (XP) (HKLM-x32\...\ViewLit 4.2 - Professional (XP)) (Version:  - )
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.7.4 - Shark007)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-22 04:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {13482418-1CD9-4E4A-9F62-527418C94776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {57AD9D90-3E05-4283-9C16-895DDFCFE472} - \WPD\SqmUpload_S-1-5-21-1947255758-76080904-1852359020-1000 No Task File <==== ATTENTION
Task: {58A0546E-421E-4E80-AC19-3834F9C56831} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {59503A72-11C4-444B-96BF-ADA3E5A1564F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {7AAB3D0C-9580-411B-B288-E2AC15FAF73D} - System32\Tasks\{A766BB37-B80D-4272-9C69-C49601C9D541} => I:\SETUP\SETUP.EXE
Task: {82C7FD85-93D7-4C64-9747-79C66CFEE79D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {8604E4FE-830A-46B8-9689-1A4BE72B50D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {87C07F41-E089-4194-9C3B-6F5758D0D0C0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8AB071C9-7CD7-46C9-BBD1-32990E72EC3C} - System32\Tasks\{878A5E12-7BF9-492E-B8D5-E28411D3EC31} => I:\SETUP\SETUP.EXE
Task: {BEEA351F-B48C-4618-8DFD-3BBFE789F82F} - System32\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-12-04 11:47 - 2012-10-20 02:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () D:\Programme\VPN\vpnapi.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "D:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightShot => C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-22 03:59:02.952
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 03:59:02.656
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 03:59:02.360
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 03:59:02.063
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-20 22:21:31.034
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-20 22:21:30.737
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 4095.49 MB
Available physical RAM: 2759.06 MB
Total Pagefile: 14333.16 MB
Available Pagefile: 12851.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:6.97 GB) NTFS
Drive d: (Volume) (Fixed) (Total:231.1 GB) (Free:45.77 GB) NTFS
Drive g: (Elements) (Fixed) (Total:1863.01 GB) (Free:47.54 GB) NTFS
Drive j: () (Fixed) (Total:185.49 GB) (Free:0.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6D37F68B)
Partition 1: (Active) - (Size=345 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=231 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0017BE67)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by User (administrator) on USER-PC on 23-05-2014 02:06:02
Running from C:\Users\User\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Cisco Systems, Inc.) D:\Programme\VPN\cvpnd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.uni-greifswald.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0814DC5AB08CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default
FF Homepage: www.gmx.de
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.uni-greifswald.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy.uni-greifswald.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.uni-greifswald.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.uni-greifswald.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.uni-greifswald.de"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\ich@maltegoetz.de [2014-01-28]
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: Basic Slideshow Theme - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{7AEEB28A-EA4E-C605-89D8-027734C5C0AA} [2014-05-17]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-05]
FF Extension: flashget3 Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2011-01-02]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-09]
FF Extension: Skype Wizard Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{1a796508-0ef4-4a59-afee-c762898d2b6e}.xpi [2013-11-14]
FF Extension: {a8630f62-3269-4ea7-981b-78e22f908985} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{a8630f62-3269-4ea7-981b-78e22f908985}.xpi [2013-11-11]
FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-02]
FF Extension: Greasemonkey - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-16]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.gmx.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll ()
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Picasa) - D:\Programme\Picasa\Picasa3\npPicasa3.dll No File
CHR Extension: (Basic Slideshow Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-17]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

==================== Services (Whitelisted) =================

R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
R2 CVPND; D:\Programme\VPN\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 pbfilter; D:\Programme\PeerBlock\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-06-16] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 01:59 - 2014-05-23 02:06 - 00020352 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-23 01:59 - 2014-05-23 01:59 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-23 01:57 - 2014-05-23 01:57 - 00001218 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-23 01:51 - 2014-05-23 01:51 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-23 01:51 - 2014-05-23 01:51 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 01:42 - 2014-05-23 01:42 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe
2014-05-22 03:49 - 2014-05-22 04:18 - 00000000 ____D () C:\ComboFix
2014-05-22 03:46 - 2014-05-22 03:47 - 05200426 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-20 22:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-20 22:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-20 22:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-20 22:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-20 22:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-20 22:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-20 22:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-20 22:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-19 16:55 - 2014-05-22 04:18 - 00000000 ____D () C:\Qoobox
2014-05-19 16:55 - 2014-05-22 04:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-18 01:07 - 2014-05-23 02:06 - 00000000 ____D () C:\FRST
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 21:10 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 21:10 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:41 - 2014-05-23 01:47 - 00000000 ____D () C:\AdwCleaner
2014-05-17 18:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:14 - 2014-05-17 18:20 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-03 19:59 - 2014-05-04 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-26 20:58 - 2014-04-26 21:15 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 20:58 - 2014-04-26 21:14 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4

==================== One Month Modified Files and Folders =======

2014-05-23 02:06 - 2014-05-23 01:59 - 00020352 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-23 02:06 - 2014-05-18 01:07 - 00000000 ____D () C:\FRST
2014-05-23 02:02 - 2013-02-17 07:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
2014-05-23 01:59 - 2014-05-23 01:59 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-23 01:57 - 2014-05-23 01:57 - 00001218 _____ () C:\Users\User\Desktop\JRT.txt
2014-05-23 01:56 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-05-23 01:56 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 01:56 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 01:52 - 2010-04-04 19:40 - 01748839 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 01:51 - 2014-05-23 01:51 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-05-23 01:51 - 2014-05-23 01:51 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 01:49 - 2013-01-20 20:48 - 00060016 _____ () C:\Windows\error.log
2014-05-23 01:49 - 2013-01-20 20:48 - 00013552 _____ () C:\Windows\errord.log
2014-05-23 01:49 - 2012-12-04 11:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-23 01:49 - 2010-04-04 18:48 - 00172336 _____ () C:\Windows\PFRO.log
2014-05-23 01:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 01:49 - 2009-07-14 06:51 - 00126857 _____ () C:\Windows\setupact.log
2014-05-23 01:47 - 2014-05-17 18:41 - 00000000 ____D () C:\AdwCleaner
2014-05-23 01:43 - 2010-06-10 22:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-05-23 01:42 - 2014-05-23 01:42 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe
2014-05-22 23:22 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
2014-05-22 22:11 - 2010-08-09 05:06 - 00000000 ____D () C:\Users\User\AppData\Local\Last.fm
2014-05-22 15:40 - 2009-07-14 19:58 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 15:40 - 2009-07-14 19:58 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 15:40 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 15:02 - 2013-02-17 07:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
2014-05-22 04:18 - 2014-05-22 03:49 - 00000000 ____D () C:\ComboFix
2014-05-22 04:18 - 2014-05-19 16:55 - 00000000 ____D () C:\Qoobox
2014-05-22 04:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-22 04:02 - 2014-05-19 16:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 04:02 - 2009-07-14 04:34 - 72806400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-22 04:02 - 2009-07-14 04:34 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-22 04:02 - 2009-07-14 04:34 - 00327680 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-22 04:02 - 2009-07-14 04:34 - 00081920 _____ () C:\Windows\system32\config\SAM.bak
2014-05-22 04:02 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-22 03:47 - 2014-05-22 03:46 - 05200426 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-05-20 22:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-18 18:55 - 2013-03-21 15:46 - 00000000 ____D () C:\Windows\rescache
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-17 21:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:24 - 2010-06-09 13:59 - 00001421 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-17 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 18:20 - 2014-05-17 18:14 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:12 - 2012-04-03 13:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 18:12 - 2011-05-18 10:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:36 - 2011-09-11 02:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-11 18:49 - 2013-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 16:41 - 2013-03-07 23:31 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 01:33 - 2013-05-29 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-09 14:57 - 2013-02-17 07:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA
2014-05-09 14:57 - 2013-02-17 07:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core
2014-05-08 13:08 - 2013-10-27 22:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\mIRC
2014-05-04 12:36 - 2014-05-03 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 02:34 - 2010-06-13 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldat
2014-04-26 21:15 - 2014-04-26 20:58 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 21:14 - 2014-04-26 20:58 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 21:57

==================== End Of Log ============================
         