Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Trojaner 2.07 (https://www.trojaner-board.de/119268-gvu-trojaner-2-07-a.html)

CLMarkus 12.07.2012 13:18
GVU Trojaner 2.07
 
Hallo,

habe mir auf dem Laptop (Win 7) den GVU 2.07 Trojaner eingefangen und wäre dankbar für Hilfe beim entfernen.

Hier die Logfiles von OTL (abgesicherter Modus)

VG
Markus

CLMarkus 12.07.2012 16:53
Sorry, die OTL.txt nochmal direkt:

Code:
OTL logfile created on: 12/07/2012 13:35:29 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\jessika\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
 
3.87 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 86.07% Memory free
7.73 Gb Paging File | 7.22 Gb Available in Paging File | 93.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 207.64 Gb Free Space | 72.86% Space Free | Partition Type: NTFS
 
Computer Name: JESSIKA-PC | User Name: jessika | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/12 13:13:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jessika\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/27 06:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/25 11:19:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/20 10:12:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/13 13:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/27 07:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/27 06:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/05/11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/01/27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb139?a=6R8uEVeK3u&i=26
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=42d912b60000000000005cac4c719847&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{C08A60A5-2580-40FD-A5A9-5D359B9F9670}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=616163&p={searchTerms}
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{C9180643-C4ED-4BD0-B572-F32E027639A3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=e4f6bf4b-78b3-403c-9cfa-51a42c10fff1&apn_sauid=F432850E-3E48-4EF5-B105-C874C1246822
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8uEVeK3u&i=26
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-419889299-2438268077-904186118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8uEVeK3u&&i=26&search="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/01 10:11:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/04 20:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/04 20:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/01 10:11:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 10:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/26 19:58:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 10:12:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/26 19:58:21 | 000,000,000 | ---D | M]
 
[2011/02/04 15:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jessika\AppData\Roaming\mozilla\Extensions
[2012/06/01 10:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jessika\AppData\Roaming\mozilla\Firefox\Profiles\yypemtdq.default\extensions
[2011/03/21 13:57:49 | 000,000,873 | ---- | M] () -- C:\Users\jessika\AppData\Roaming\Mozilla\Firefox\Profiles\yypemtdq.default\searchplugins\conduit.xml
[2012/07/09 15:57:49 | 000,001,056 | ---- | M] () -- C:\Users\jessika\AppData\Roaming\Mozilla\Firefox\Profiles\yypemtdq.default\searchplugins\icqplugin.xml
[2012/06/01 10:11:30 | 000,002,203 | ---- | M] () -- C:\Users\jessika\AppData\Roaming\Mozilla\Firefox\Profiles\yypemtdq.default\searchplugins\MyStart Search.xml
[2011/09/08 08:42:48 | 000,003,915 | ---- | M] () -- C:\Users\jessika\AppData\Roaming\Mozilla\Firefox\Profiles\yypemtdq.default\searchplugins\sweetim.xml
[2012/06/20 10:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/05/03 16:10:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/20 10:12:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 10:12:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/21 13:40:57 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/20 10:12:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 10:12:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/20 10:12:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/20 10:12:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/20 10:12:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\jessika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\jessika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O3 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-419889299-2438268077-904186118-1000..\Run: [FreeAC] C:\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-419889299-2438268077-904186118-1000..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-419889299-2438268077-904186118-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-419889299-2438268077-904186118-1000..\Run: [Spotify Web Helper] C:\Users\jessika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\jessika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jessika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jessika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-419889299-2438268077-904186118-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FCCFC60-6D81-4475-968F-9B9B3919A083}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 83.169.184.33 83.169.184.97
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/12 13:33:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jessika\Desktop\OTL.exe
[2012/06/26 21:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/06/26 19:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 19:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/26 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Local\Microsoft Help
[2012/06/26 17:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/26 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Local\SoftGrid Client
[2012/06/26 17:49:56 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Roaming\SoftGrid Client
[2012/06/26 17:48:38 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Roaming\TP
[2012/06/26 10:56:41 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/26 10:48:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 11:35:04 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Local\Macromedia
[2012/06/23 10:13:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 10:13:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 10:13:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 10:12:35 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 10:12:35 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 10:12:35 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 10:12:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 10:12:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\jessika\Desktop\schulen_bewerbung
[2012/06/21 12:18:25 | 000,000,000 | ---D | C] -- C:\Users\jessika\AppData\Roaming\TuneUp Software
[2012/06/21 12:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/21 12:17:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/21 12:17:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/17 19:07:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/17 19:07:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/17 19:07:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/17 19:07:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/17 19:07:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/17 19:07:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/17 19:07:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/17 19:07:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/17 19:07:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/17 19:07:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/17 19:07:50 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/17 19:07:50 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/17 19:07:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 08:46:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 08:46:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 08:46:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 08:46:43 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 08:46:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 08:46:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/12 13:33:54 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 13:33:54 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/12 13:33:54 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 13:33:54 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/12 13:33:54 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 13:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 13:30:10 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 13:29:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 13:29:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 13:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 13:13:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jessika\Desktop\OTL.exe
[2012/07/12 13:09:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012/07/09 18:11:11 | 000,001,889 | ---- | M] () -- C:\Users\jessika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/06/26 23:25:15 | 000,000,162 | -H-- | M] () -- C:\Users\jessika\Desktop\~$ssika Wagner.odt
[2012/06/26 17:49:06 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/26 10:53:31 | 000,000,048 | ---- | M] () -- C:\Users\jessika\AppData\Local\JESSIKA-PC.cfg
[2012/06/25 11:19:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/25 11:19:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/19 08:48:21 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/09 18:11:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012/07/09 18:11:11 | 000,001,889 | ---- | C] () -- C:\Users\jessika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/06/26 23:25:15 | 000,000,162 | -H-- | C] () -- C:\Users\jessika\Desktop\~$ssika Wagner.odt
[2012/06/26 17:49:06 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/26 10:53:31 | 000,000,048 | ---- | C] () -- C:\Users\jessika\AppData\Local\JESSIKA-PC.cfg
[2012/06/04 09:54:09 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/18 14:36:23 | 000,000,233 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/25 09:55:38 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/02/22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/07 20:00:08 | 001,529,856 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/02/07 20:00:08 | 000,925,667 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2011/02/07 20:00:08 | 000,721,798 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/07 20:00:08 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/02/07 20:00:08 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/02/07 20:00:08 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/02/07 20:00:08 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/02/07 20:00:08 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/02/07 20:00:08 | 000,140,800 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/02/07 20:00:08 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/02/07 20:00:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/02/07 20:00:08 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\FLT_ffdshow.dll
[2011/02/07 19:45:52 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/07 19:39:02 | 004,166,551 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/02/04 15:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/21 03:56:51 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/21 03:56:51 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/08/21 03:56:51 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010/08/21 03:48:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/21 03:42:47 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/08/18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010/08/14 10:45:18 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2010/08/14 10:45:10 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2010/08/14 10:43:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2010/08/14 10:43:42 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2010/08/14 10:43:34 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2010/08/14 10:43:22 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2010/08/14 10:42:54 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2010/08/14 10:42:48 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2010/08/14 10:42:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2010/08/14 10:42:06 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2010/08/14 10:41:54 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2010/08/14 10:40:02 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2010/08/14 10:39:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/07/13 14:07:42 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012/04/26 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\becker
[2011/03/14 21:37:50 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\Boomzap
[2011/03/21 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/12 14:42:21 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\HdO Adventure
[2011/09/08 08:43:41 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\ICQ
[2011/09/08 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\Kalenderchen
[2011/02/15 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\OpenOffice.org
[2011/09/14 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\phonostar GmbH
[2011/07/22 11:35:40 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\PlagiarismFinder
[2010/12/31 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\PlayFirst
[2011/08/25 20:03:17 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\Skunk Studios
[2012/06/27 09:03:17 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\SoftGrid Client
[2012/06/12 11:47:19 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\Spotify
[2011/05/01 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\TheFixerUpper
[2012/06/26 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\TP
[2012/06/21 12:18:25 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\TuneUp Software
[2011/09/01 16:19:50 | 000,000,000 | ---D | M] -- C:\Users\jessika\AppData\Roaming\www.shadowexplorer.com
[2012/06/26 21:29:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:0C5A6770
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:390B30B4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2430E4FC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:FD000392
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
Nach einem Suchlauf mit Malwarebytes im abgesicherten Windows-Modus und der Entfernung zweier Funde sind nun die Symptome auch im normalen Modus verschwunden. Wenn noch Handlungsbedarf besteht, freue ich mich trotzdem über Anweisungen... Danke schonmal im Vorraus!

Hier das MBAM-Log von heute (darunter ein älteres, mehr sind nicht vorhanden)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.13.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
jessika :: JESSIKA-PC [Administrator]

13/07/2012 09:59:31
mbam-log-2012-07-13 (09-59-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354095
Laufzeit: 38 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\jessika\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.124Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\jessika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jessika :: JESSIKA-PC [Administrator]

26/06/2012 20:01:56
mbam-log-2012-06-26 (20-01-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342100
Laufzeit: 1 Stunde(n), 16 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec-V (Trojan.LilyJade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\Codec-V\Codec-V.dll (PUP.Codec.PR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Codec-V\Uninstall.exe (Trojan.LilyJade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\jessika\Downloads\SoftonicDownloader_fuer_a-squared.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 13.07.2012 19:45
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

CLMarkus 14.07.2012 15:02
Combofix Logfile:

Code:
ComboFix 12-07-13.03 - jessika 14/07/2012  15:39:41.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3959.2537 [GMT 2:00]
ausgeführt von:: c:\users\jessika\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 13:47 . 2012-07-14 13:47        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 09:56 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-13 09:14 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA8003D2-5A85-4062-AE4A-E0963FA5F052}\mpengine.dll
2012-07-13 09:09 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-07-13 09:09 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-07-13 09:09 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-07-13 09:09 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-07-13 09:09 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-07-13 09:04 . 2012-06-02 12:52        754808        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2012-06-26 19:39 . 2012-06-26 20:08        --------        d-----w-        c:\programdata\VirtualizedApplications
2012-06-26 17:59 . 2012-07-13 07:55        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 15:50 . 2012-06-26 15:50        --------        d-----w-        c:\programdata\Microsoft Help
2012-06-26 15:50 . 2012-06-26 15:50        --------        d-----w-        c:\users\jessika\AppData\Local\Microsoft Help
2012-06-26 15:50 . 2012-06-26 15:50        --------        d-----w-        c:\users\jessika\AppData\Local\SoftGrid Client
2012-06-26 15:49 . 2012-06-27 07:03        --------        d-----w-        c:\users\jessika\AppData\Roaming\SoftGrid Client
2012-06-26 15:48 . 2012-06-26 15:50        --------        d-----w-        c:\users\jessika\AppData\Roaming\TP
2012-06-26 08:56 . 2012-06-26 10:42        --------        d-----w-        C:\sh4ldr
2012-06-26 08:56 . 2012-06-26 10:42        --------        d-----w-        c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-25 09:35 . 2012-06-25 09:35        --------        d-----w-        c:\users\jessika\AppData\Local\Macromedia
2012-06-23 08:13 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-23 08:13 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-23 08:13 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-23 08:13 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-23 08:12 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-23 08:12 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-23 08:12 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-23 08:12 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-23 08:12 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-21 10:18 . 2012-06-21 10:18        --------        d-----w-        c:\users\jessika\AppData\Roaming\TuneUp Software
2012-06-21 10:17 . 2012-06-21 10:19        --------        d-----w-        c:\programdata\TuneUp Software
2012-06-21 10:17 . 2012-06-21 10:17        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-21 10:17 . 2012-06-21 10:17        --------        d--h--w-        c:\programdata\Common Files
2012-06-20 08:12 . 2012-06-20 08:12        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 08:12 . 2012-06-20 08:12        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 10:19 . 2012-06-07 07:39        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 10:19 . 2011-06-25 08:13        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-06-02 14:32        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-10 07:49 . 2012-05-10 07:49        476960        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-05-10 07:49 . 2011-02-15 12:18        472864        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-05-10 06:28 . 2012-05-10 06:28        524288        ----a-w-        c:\windows\system32\home box office.scr
2012-05-10 06:28 . 2012-05-10 06:28        524288        ------w-        c:\windows\SysWow64\home box office.scr
2012-05-04 11:06 . 2012-06-14 06:46        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 06:46        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 06:46        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 13:24 . 2012-05-14 09:59        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-04-28 03:55 . 2012-06-14 06:46        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-27 08:20 . 2012-05-14 09:59        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-26 05:41 . 2012-06-14 06:46        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 06:46        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 06:46        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 22:32 . 2012-05-14 09:59        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-18 09:56        1519272        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-18 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"phonostarTimer"="c:\program files (x86)\phonostar-Player\phonostarTimer.exe" [2011-06-20 40960]
"FreeAC"="c:\freealarmclock\FreeAlarmClock.exe" [2011-11-22 1327440]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Spotify Web Helper"="c:\users\jessika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-12 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-18 1557160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\jessika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 10:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-08 13:13        201728        ----a-w-        c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-21 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8uEVeK3u&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108145l04d4z1j5v4712255q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\jessika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jessika\AppData\Roaming\Mozilla\Firefox\Profiles\yypemtdq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.mg41.mail.yahoo.com/dc/launch?sysreq=ignore
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8uEVeK3u&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8uEVeK3u&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 42d912b600000000000046ac4c719847
FF - user.js: extensions.incredibar_i.instlDay - 15492
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:11
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8uEVeK3u
FF - user.js: extensions.incredibar_i.upn2n - 92824459288576048
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 12%5F2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14  15:54:13
ComboFix-quarantined-files.txt  2012-07-14 13:54
.
Vor Suchlauf: 12 Verzeichnis(se), 218,921,246,720 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 218,752,835,584 Bytes frei
.
- - End Of File - - B6450378CDAFFD1326CA0FC6B8175DB8

markusg 15.07.2012 17:47
hi

lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

CLMarkus 15.07.2012 18:44
Ich glaub ich ziemlich häufig "unbekannt" geschrieben. Viele Programme sagen mir zwar was - z.B. wird die ganze realtek reihe zur audio-software gehören - aber ich kann nicht immer zuordnen, welche software was genau macht... :glaskugel:

Acer Backup Manager NewTech Infosystems 21/08/2010 54.1MB 2.0.0.68 NOTWENDIG
Acer Crystal Eye webcam Ver:1.1.191.726 Chicony Electronics Co.,Ltd. 21/08/2010 1.1.191.726 NOTWENDIG
Acer ePower Management Acer Incorporated 21/08/2010 5.00.3005 NOTWENDIG
Acer eRecovery Management Acer Incorporated 13/07/2010 4.05.3013 NOTWENDIG
Acer Registration Acer Incorporated 21/08/2010 1.03.3003 UNBEKANNT
Acer ScreenSaver Acer Incorporated 21/08/2010 1.1.0707.2010 UNBEKANNT
Acer Updater Acer Incorporated 13/07/2010 1.02.3001 NOTWENDIG
Acrobat.com Adobe Systems Incorporated 13/07/2010 1.60MB 1.6.65 UNBEKANNT
Adobe AIR Adobe Systems Incorporated 13/09/2011 2.7.1.19610 UNBEKANNT
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13/07/2012 6.00MB 11.3.300.265 NOTWENDIG
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13/07/2012 6.00MB 11.3.300.265 NOTWENDIG
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 26/06/2012 167MB 10.1.3 NOTWENDIG
Apple Application Support Apple Inc. 13/05/2012 61.0MB 2.1.7 UNBEKANNT
Apple Mobile Device Support Apple Inc. 13/05/2012 24.4MB 5.1.1.4 UNNÖTIG
Apple Software Update Apple Inc. 03/08/2011 2.38MB 2.1.3.127 UNBEKANNT
ATI Catalyst Install Manager ATI Technologies, Inc. 21/08/2010 22.3MB 3.0.778.0 UNBEKANNT
Avira Free Antivirus Avira 14/05/2012 125MB 12.0.0.1125 NOTWENDIG
Avira SearchFree Toolbar plus Web Protection Ask.com 14/05/2012 3.78MB 1.15.1.0 UNNÖTIG
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 14/05/2012 1.2.1.22229 UNNÖTIG
Bonjour Apple Inc. 21/10/2011 2.00MB 3.0.0.10 UNNÖTIG
Broadcom Gigabit NetLink Controller Broadcom Corporation 13/07/2010 448KB 14.0.2.3 NOTWENDIG
CCleaner Piriform 22/06/2012 3.20 TEMPORÄR NOTWENDIG
Combined Community Codec Pack 2010-10-10 CCCP Project 16/03/2011 26.0MB 2010.10.10.0 UNBEKANNT
CyberLink PowerDVD 9 CyberLink Corp. 21/08/2010 114MB 9.0.2829.50 UNBEKANNT
DivX-Setup DivX, LLC 04/03/2011 2.4.0.6 UNBEKANNT
ETDWare PS/2-x64 7.0.6.5_WHQL ELAN Microelectronics Corp. 21/08/2010 7.0.6.5 UNBEKANNT
Free Alarm Clock 2.5.0 Comfort Software Group 02/01/2012 2.67MB 2.5 NOTWENDIG
Freecorder 4 Applian Technologies Inc. 29/03/2011 4.12 NOTWENDIG
GPL MPEG-1/2 DirectShow Decoder Filter Peter Wimmer 04/03/2011 256KB 0.1.2 UNBEKANNT
home box office Screen Saver 10/05/2012 UNBEKANNT
Identity Card Acer Incorporated 21/08/2010 1.00.3003 UNBEKANNT
Incredibar Toolbar on IE 01/06/2012 UNNÖTIG
Intel(R) Management Engine Components Intel Corporation 21/08/2010 6.0.0.1179 UNBEKANNT
Intel(R) Rapid Storage Technology Intel Corporation 21/08/2010 9.6.2.1001 UNBEKANNT
iTunes Apple Inc. 13/05/2012 157MB 10.6.1.7 NOTWENDIG
Java(TM) 6 Update 32 Oracle 10/05/2012 95.7MB 6.0.320 UNBEKANNT
Kalenderchen 5 Daniel Manger 08/09/2011 4.91MB NOTWENDIG
Launch Manager Acer Inc. 21/08/2010 4.0.12 NOTWENDIG
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 13/07/2012 18.7MB 1.62.0.1300 NOTWENDIG
McAfee Security Scan Plus McAfee, Inc. 07/06/2012 10.2MB 3.0.207.4 UNNÖTIG
Microsoft Silverlight Microsoft Corporation 14/05/2012 188MB 4.1.10329.0 NOTWENDIG
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 21/08/2010 1.72MB 3.1.0000 UNBEKANNT
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24/01/2012 252KB 8.0.50727.4053 UNBEKANNT
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16/06/2011 300KB 8.0.56336 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 16/05/2011 598KB 9.0.30729.5570 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13/07/2010 596KB 9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04/02/2011 596KB 9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/06/2011 600KB 9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17/05/2012 12.2MB 10.0.40219 UNBEKANNT
Mozilla Firefox 13.0.1 (x86 de) Mozilla 20/06/2012 41.3MB 13.0.1 NOTWENDIG
Mozilla Maintenance Service Mozilla 20/06/2012 309KB 13.0.1 UNBEKANNT
MyWinLocker Suite Egis Technology Inc. 13/07/2010 2.20MB 3.1.212.0 UNBEKANNT
Naviextras Toolbox Prerequesities NNG Llc. 26/04/2012 4.05MB 1.0.0 UNNÖTIG
NTI Media Maker 9 NTI Corporation 13/07/2010 1.60GB 9.0.2.8928 UNBEKANNT
NVIDIA PhysX v8.10.13 NVIDIA Corporation 13/01/2012 119MB 8.10.13 UNBEKANNT
OpenOffice.org 3.3 OpenOffice.org 15/02/2011 414MB 3.3.9567 NOTWENDIG
phonostar-Player Version 3.02.2 14/09/2011 NOTWENDIG
QuickTime Apple Inc. 13/12/2011 73.2MB 7.71.80.42 NOTWENDIG
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 21/08/2010 6.0.1.6034 NOTWENDIG
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21/08/2010 6.0.1.6141 NOTWENDIG
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 21/08/2010 6.1.7600.30122 UNBEKANNT
Skype Click to Call Skype Technologies S.A. 03/05/2012 12.4MB 5.9.9216 UNBEKANNT
Skype™ 5.10 Skype Technologies S.A. 26/06/2012 19.4MB 5.10.114 NOTWENDIG
Spotify Spotify AB 15/07/2012 0.8.4.93.gd9f49c35 NOTWENDIG
Web Assistant 2.0.0.439 IB 01/06/2012 2.02MB UNBEKANNT
Welcome Center Acer Incorporated 21/08/2010 1.02.3002 UNBEKANNT
Windows 7 Codec Pack 3.0.0 Windows 7 Codec Pack 19/03/2011 NOTWENDIG
Windows Live Anmelde-Assistent Microsoft Corporation 21/08/2010 1.93MB 5.000.818.5 UNBEKANNT
Windows Live Essentials Microsoft Corporation 21/08/2010 14.0.8089.0726 UNBEKANNT
Windows Live Sync Microsoft Corporation 21/08/2010 2.79MB 14.0.8089.726 UNBEKANNT

markusg 17.07.2012 22:39
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira SearchFree : beide
Combined
CyberLink
DivX
ETDWare
home box
Incredibar
McAfee
Naviextras
Web Assistant
Windows Live : alle die die du nicht nutzt

öffne ccleaner, analysieren starten.
öffne otl, cleanup pc startet neu testen wie er läuft

CLMarkus 18.07.2012 19:42
De- und Neuinstallationen und Konfigurationen soweit erledigt, außer:
- DivX Setup: reagiert nicht auf den Deinstallationsbefehl
- ETDWare und Incredibar melden beim Deinstallationsversuch "Error:2 Das System kann die angegebene Datei nicht finden". Kann sein, daß die Programme schon früher (unsauber) gelöscht wurden.
- Cyberlink habe ich behalten, da damit doch ab und zu DVDs geguckt werden. (Sorry, ist nicht mein eigener Laptop und die Abstimmung klappt leider nur zu 97% ;-) )

CCleaner ist drüber gelaufen, OTL-Cleanup ebenso. Laptop läuft bisher normal.

markusg 19.07.2012 16:07
hi
macht ja nichts, nur unnötiges zeug muss ja nicht drauf sein.
wegen der nicht funktionierenen deinstalationen, mal rewo angucken:
http://www.hijackthis-forum.de/tipps...installer.html
danach sind wir fast durch, dann wird noch abgesichert, aber da solltest du den besitzer gleich rann holen, damit er sieht was passiert und was neu ist.

CLMarkus 31.07.2012 13:15
Hi,

DivX Setup und Incredibar sind mit Revo deinstalliert und jetzt auch im CCleaner verschwunden.

Die EDTWare findet Revo nicht. Auf der Festplatte ist sie in C:/programme/Elantech und die Dateien sind schon seit Laptop-Kauf drauf. Nach dem, was ich so bei google finde, geht es wohl um die touchpad-Steuerung... denke nicht, daß es tragisch ist, wenn es drauf bleibt. (Ohne dem Experten-Urteil vorgreifen zu wollen! :pfeiff: )

VG Markus

markusg 01.08.2012 20:30
kannst es drauf lassen :-)
pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131