Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   SpyHunter 4 + Optimizer Pro (https://www.trojaner-board.de/130779-spyhunter-4-optimizer-pro.html)

mischamo 08.02.2013 10:45
SpyHunter 4 + Optimizer Pro
 
Moin Moin

Ich habe mir wohl oben genannte Viren eingefangen und bin mit deren Entfernung leicht überfordert.
Vielleicht könnte mir jemand zur Seite stehen.
Ein ganz wenig konnte ich mich in dieses Thema einlesen und bin jetzt an diesem Punkt angelangt:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mischa :: MISCHA-PC [Administrator]

Schutz: Aktiviert

08.02.2013 10:28:07
mbam-log-2013-02-08 (10-28-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208460
Laufzeit: 1 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bösartig: (hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\mischa\Downloads\triggerfinger__all_this_dancin_around_2012_id3637671id.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und nu?

Grüße

aharonov 08.02.2013 11:01
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld. :)

aharonov 08.02.2013 11:32
Hallo mischamo und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
    • .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • .. installiere oder deinstalliere während der Bereinigung keine Software.
    • .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).
  • Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
    • Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
    • Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.
Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.



Zitat:
Ich habe mir wohl oben genannte Viren eingefangen
Du hast dir auch noch ganz andere Dinge eingefangen..

Zitat:
Vielleicht könnte mir jemand zur Seite stehen.
Klar. Führ bitte folgende Schritte aus, damit wir mal einen Überblick haben.


Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button.
  • Bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
  • Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!



Schritt 2
  • Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Allen Festplatten ausser der Systemplatte (nur die Systempartition, normalerweise C:\, sollte angehakt sein)
    • Show all
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Gmer
  • Logs von OTL

mischamo 08.02.2013 13:56
Ich hoffe,ich habe es richtig durchgeführt.

GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 13:34:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22A0RT0 rev.01.01A01 465,76GB
Running: hhhmt89c.exe; Driver: C:\Users\mischa\AppData\Local\Temp\kwriypog.sys


---- Kernel code sections - GMER 2.0 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                              fffff96000153c00 7 bytes [C0, A0, F3, FF, 01, AC, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 9                                                                                                                                          fffff96000153c09 2 bytes [06, 02]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                  0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                    0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                  0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                  000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                              00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                              0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                    000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                  000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                    0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                    00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                  00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                              00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                              00000000762316bd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000762316bd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                      0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                        0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                      0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                      000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                          00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                  00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                          000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                  0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                        000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                              0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                      000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                        0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                            000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                        00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                      00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                  00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                  00000000762316bd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                                                                  0000000070d71825 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                                                                  0000000070d71830 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                                                              0000000070d7183b 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                                                                0000000070d71846 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4                                                      0000000070d71851 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                                                              0000000070d7185c 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                                                                        0000000070d71867 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                                                                    0000000070d71872 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                                                                0000000070d7187d 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                                                              0000000070d71888 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                                                              0000000070d71893 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                                                                0000000070d7189e 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                                                                    0000000070d718a9 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                                                                  0000000070d718b4 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4                                                          0000000070d718bf 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                                                                    0000000070d718ca 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                                                                    0000000070d718d5 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                                                                  0000000070d718e0 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                                                              0000000070d718eb 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4                                                          0000000070d718f6 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                                                              0000000070d71901 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                                                                0000000070d7190c 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                                                                    0000000070d71917 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                                                                  0000000070d71922 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                                                                  0000000070d7192d 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                                                            0000000070d71938 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                                                                0000000070d71943 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                                                            0000000070d7194e 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                                                                    0000000070d71959 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                                                                            0000000070d71964 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                                                                    0000000070d7196f 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                                                                  0000000070d7197a 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                                                                      0000000070d71985 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                                                                    0000000070d71990 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4                                                            0000000070d7199b 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                                                                0000000070d719a6 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                                                                0000000070d719b1 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                                                                  0000000070d719bc 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                                                                      0000000070d719c7 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                                                            0000000070d719d2 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                                                                          0000000070d719dd 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4                                                            0000000070d719e8 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                                                                0000000070d719f3 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4                                                        0000000070d719fe 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                                                                        0000000070d71a09 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                                                                    0000000070d71a14 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                                                                      0000000070d71a1f 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                                                                      0000000070d71a2a 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                                                                0000000070d71a35 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                                                                    0000000070d71a40 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                                                              0000000070d71a4b 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                                                                  0000000070d71a56 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                                                                          0000000070d71a61 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                                                                        0000000070d71a6c 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                                                                    0000000070d71a77 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                                                            0000000070d71a82 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[424] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52                                                            0000000070d71ab2 2 bytes [D7, 70]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000762316bd 2 bytes [23, 76]
?      C:\Windows\system32\mssprxy.dll [3544] entry point in ".rdata" section                                                                                                                      0000000074db71e6
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                  000000007772f991 7 bytes {MOV EDX, 0xd0da28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                        000000007772fbd5 7 bytes {MOV EDX, 0xd0da68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                            000000007772fc05 7 bytes {MOV EDX, 0xd0d9a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                    000000007772fc1d 7 bytes {MOV EDX, 0xd0d928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                      000000007772fc35 7 bytes {MOV EDX, 0xd0db28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                    000000007772fc65 7 bytes {MOV EDX, 0xd0db68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                      000000007772fce5 7 bytes {MOV EDX, 0xd0dae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                    000000007772fcfd 7 bytes {MOV EDX, 0xd0daa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                              000000007772fd49 7 bytes {MOV EDX, 0xd0d868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                    000000007772fe41 7 bytes {MOV EDX, 0xd0d8a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                            0000000077730099 7 bytes {MOV EDX, 0xd0d828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                      00000000777310a5 7 bytes {MOV EDX, 0xd0d9e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                            000000007773111d 7 bytes {MOV EDX, 0xd0d968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                0000000077731321 7 bytes {MOV EDX, 0xd0d8e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000762316bd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                  000000007772f991 7 bytes {MOV EDX, 0x915e28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                        000000007772fbd5 7 bytes {MOV EDX, 0x915e68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                            000000007772fc05 7 bytes {MOV EDX, 0x915da8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                    000000007772fc1d 7 bytes {MOV EDX, 0x915d28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                      000000007772fc35 7 bytes {MOV EDX, 0x915f28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                    000000007772fc65 7 bytes {MOV EDX, 0x915f68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                      000000007772fce5 7 bytes {MOV EDX, 0x915ee8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                    000000007772fcfd 7 bytes {MOV EDX, 0x915ea8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                              000000007772fd49 7 bytes {MOV EDX, 0x915c68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                    000000007772fe41 7 bytes {MOV EDX, 0x915ca8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                            0000000077730099 7 bytes {MOV EDX, 0x915c28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                      00000000777310a5 7 bytes {MOV EDX, 0x915de8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                            000000007773111d 7 bytes {MOV EDX, 0x915d68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                0000000077731321 7 bytes {MOV EDX, 0x915ce8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000762316bd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                  000000007772f991 7 bytes {MOV EDX, 0xe9ca28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                        000000007772fbd5 7 bytes {MOV EDX, 0xe9ca68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                            000000007772fc05 7 bytes {MOV EDX, 0xe9c9a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                    000000007772fc1d 7 bytes {MOV EDX, 0xe9c928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                      000000007772fc35 7 bytes {MOV EDX, 0xe9cb28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                    000000007772fc65 7 bytes {MOV EDX, 0xe9cb68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                      000000007772fce5 7 bytes {MOV EDX, 0xe9cae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                    000000007772fcfd 7 bytes {MOV EDX, 0xe9caa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                              000000007772fd49 7 bytes {MOV EDX, 0xe9c868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                    000000007772fe41 7 bytes {MOV EDX, 0xe9c8a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                            0000000077730099 7 bytes {MOV EDX, 0xe9c828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                      00000000777310a5 7 bytes {MOV EDX, 0xe9c9e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                            000000007773111d 7 bytes {MOV EDX, 0xe9c968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                0000000077731321 7 bytes {MOV EDX, 0xe9c8e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000076231401 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000076231419 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000076231431 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000762314dd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000762314f5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007623150d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000076231525 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007623153d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076231555 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007623156d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000076231585 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007623159d 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000762315b5 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000762315cd 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000762316b2 2 bytes [23, 76]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000762316bd 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                        0000000076231401 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                          0000000076231419 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                        0000000076231431 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                        000000007623144a 2 bytes [23, 76]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000762314dd 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                    00000000762314f5 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007623150d 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                    0000000076231525 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                          000000007623153d 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000076231555 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                        000000007623156d 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                          0000000076231585 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007623159d 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                          00000000762315b5 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                        00000000762315cd 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                    00000000762316b2 2 bytes [23, 76]
.text  C:\Users\mischa\Downloads\Defogger.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                    00000000762316bd 2 bytes [23, 76]

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef8762750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef8762b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef8767de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]          [7fef8768130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]  [7fef8761908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef8761c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]          [7fef87681d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                  [7fef8762878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]    [7fef8767a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]            [7fef8766c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef87677bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]        [7fef8767064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef8766544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1556] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef8765e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread  [1284:1604]                                                                                                                                                                                0000000077763e45
Thread  [1284:1612]                                                                                                                                                                                0000000076947587
Thread  [1284:1616]                                                                                                                                                                                000000007346c59c
Thread  [1284:1632]                                                                                                                                                                                000000007346c59c
Thread  [1284:1636]                                                                                                                                                                                000000007346c59c

---- EOF - GMER 2.0 ----
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 08.02.2013 13:44:00 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,04% Memory free
7,98 Gb Paging File | 6,11 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 232,02 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.02.07 09:35:14 | 001,180,200 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.26 19:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:33:37 | 012,459,888 | ---- | M] () -- C:\Users\mischa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.29 13:06:50 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\NlsDbta004a.exe -- (ie4ujnit)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.25 02:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tl=gcn17189&tt=280812_2003_3512_1&babsrc=SP_ss&mntrId=e21ed1c00000000000001c4bd65ecdb0
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800
IE - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=e21ed1c00000000000001c4bd65ecdb0&tlver=1.6.9.12&instlRef=sst&babTrack&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Google"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "about:home"
 
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2012.08.30 13:17:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014 [2012.08.10 14:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 12:46:38 | 000,002,353 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Funmoods.xml
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
[2012.03.29 13:23:27 | 000,001,210 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\search.xml
[2012.06.03 20:21:53 | 000,004,002 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\sweetim.xml
[2011.10.23 09:34:47 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.08 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
[2013.02.08 09:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013.02.08 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:01:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:59:59 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.02.03 12:59:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.02.03 12:59:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.02.03 12:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.11 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Thunderbird
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mischa\AppData\Roaming\*.tmp files -> C:\Users\mischa\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.08 13:45:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 13:45:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 13:41:16 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:36:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 13:36:48 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.08 13:36:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 13:36:39 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:34:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | M] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:25:46 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
[2013.01.10 08:54:49 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 00:32:08 | 001,521,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 00:32:08 | 000,654,684 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 00:32:08 | 000,616,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 00:32:08 | 000,130,524 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 00:32:08 | 000,106,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 16:19:18 | 001,275,487 | ---- | M] () -- C:\Users\mischa\Documents\IMG_1338.JPG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\mischa\AppData\Roaming\*.tmp files -> C:\Users\mischa\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | C] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.08 09:25:46 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.09 15:57:22 | 001,275,487 | ---- | C] () -- C:\Users\mischa\Documents\IMG_1338.JPG
[2012.08.27 19:18:58 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.01 16:36:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.20 20:19:20 | 000,000,016 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\blckdom.res
[2012.07.19 19:33:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.16 19:51:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.07 07:06:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.06.29 19:01:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.07 16:53:25 | 000,000,044 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\urhtps.dat
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\L
[2013.02.08 10:29:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U
[2012.07.30 19:49:02 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\00000004.@
[2012.07.30 19:59:47 | 000,002,048 | -HS- | M] () -- C:\Users\mischa\AppData\Local\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\mischa\AppData\Local\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\mischa\AppData\Local\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.07.30 19:48:45 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012.07.30 19:48:45 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\mischa\AppData\Local\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
--- --- ---

mischamo 08.02.2013 13:58
Sorry .....OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.02.2013 13:44:00 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,04% Memory free
7,98 Gb Paging File | 6,11 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 232,02 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.21
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1435074266-3387115179-3275037125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JDownloader Download Manager Packages" = JDownloader Download Manager Packages
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2013 07:43:30 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: jaucheck.exe, Version: 2.0.2.4, Zeitstempel:
 0x4bed9a14  Name des fehlerhaften Moduls: jaucheck.exe, Version: 2.0.2.4, Zeitstempel:
 0x4bed9a14  Ausnahmecode: 0x40000015  Fehleroffset: 0x0001a110  ID des fehlerhaften Prozesses:
 0xde0  Startzeit der fehlerhaften Anwendung: 0x01cdfd4cb006dab4  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Java\Java Update\jaucheck.exe
Berichtskennung:
 ef2a634b-693f-11e2-9455-00222009da7c
 
Error - 28.01.2013 15:42:46 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xf48  Startzeit der fehlerhaften Anwendung: 0x01cdfd8fa44abb77  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: e3365a1b-6982-11e2-9455-00222009da7c
 
Error - 28.01.2013 15:42:46 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NlsDbta004a.exe, Version: 1.0.0.1,
 Zeitstempel: 0x4fcb778e  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000013a7271
ID
 des fehlerhaften Prozesses: 0x748  Startzeit der fehlerhaften Anwendung: 0x01cdfd232795ee1c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\NlsDbta004a.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e38024c3-6982-11e2-9455-00222009da7c
 
Error - 30.01.2013 18:59:04 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xcd8  Startzeit der fehlerhaften Anwendung: 0x01cdff3d655160e3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a47a81a5-6b30-11e2-b277-00222009da7c
 
Error - 02.02.2013 08:19:30 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7ae7f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b8479b  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000000000009e5d
ID
 des fehlerhaften Prozesses: 0xab4  Startzeit der fehlerhaften Anwendung: 0x01ce011b24ef377c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: caa53dc0-6d32-11e2-b1b0-00222009da7c
 
Error - 03.02.2013 07:58:18 | Computer Name = mischa-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
 werden.
 
Error - 04.02.2013 04:36:47 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MovieMaker.exe, Version: 16.4.3505.912,
 Zeitstempel: 0x50510f6d  Name des fehlerhaften Moduls: UIRibbon.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba15  Ausnahmecode: 0xc000001d  Fehleroffset: 0x00002044  ID des fehlerhaften
 Prozesses: 0xe54  Startzeit der fehlerhaften Anwendung: 0x01ce02b01ef7ad35  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\UIRibbon.dll  Berichtskennung: 02ac4394-6ea6-11e2-863a-00222009da7c
 
Error - 04.02.2013 04:36:47 | Computer Name = mischa-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Movie Maker wurde wegen dieses Fehlers geschlossen.

Programm:
 Movie Maker  Datei:    Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Netzwerk
befindet,  dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 04.02.2013 09:49:22 | Computer Name = mischa-PC | Source = Dvd Maker | ID = 155649001
Description =
 
Error - 08.02.2013 05:46:55 | Computer Name = mischa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msiexec.exe, Version: 5.0.7601.17514,
 Zeitstempel: 0x4ce79d93  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000013cb4
ID
 des fehlerhaften Prozesses: 0xd98  Startzeit der fehlerhaften Anwendung: 0x01ce05dc8b1b2c73
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\msiexec.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: 785a0a7c-71d4-11e2-8d4f-00222009da7c
 
[ Media Center Events ]
Error - 27.11.2011 14:08:32 | Computer Name = mischa-PC | Source = MCUpdate | ID = 0
Description = 19:08:31 - Fehler beim Herstellen der Internetverbindung.  19:08:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.11.2011 14:09:32 | Computer Name = mischa-PC | Source = MCUpdate | ID = 0
Description = 19:09:28 - Fehler beim Herstellen der Internetverbindung.  19:09:28
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 08.02.2013 06:39:51 | Computer Name = mischa-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.02.2013 06:39:51 | Computer Name = mischa-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.02.2013 06:40:41 | Computer Name = mischa-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 08.02.2013 06:43:39 | Computer Name = mischa-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.02.2013 06:43:39 | Computer Name = mischa-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.02.2013 06:43:39 | Computer Name = mischa-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 08.02.2013 08:16:04 | Computer Name = mischa-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 08.02.2013 08:16:04 | Computer Name = mischa-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 08.02.2013 08:36:43 | Computer Name = mischa-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.02.2013 08:36:43 | Computer Name = mischa-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
--- --- ---

aharonov 08.02.2013 16:25
Hi,

lade die Tools bitte immer direkt auf den Desktop und starte sie von dort.
Da sieht man eine ganze Menge in den Logs.. Fangen wir an:


Schritt 1

Geh zu Start --> Systemsteuerung --> Programme und Funktionen und versuche folgenden Eintrag zu deinstallieren:
  • SpyHunter
Wenn's nicht klappt, mach einfach mit dem nächsten Schritt weiter.



Schritt 2

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 3

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix

mischamo 09.02.2013 09:42
Guten MorgenAdwCleaner Logfile:
Code:
# AdwCleaner v2.111 - Datei am 09/02/2013 um 09:20:55 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mischa - MISCHA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mischa\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Datei : C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14040 octets] - [09/02/2013 01:20:24]
AdwCleaner[S2].txt - [940 octets] - [09/02/2013 09:20:55]

########## EOF - C:\AdwCleaner[S2].txt - [999 octets] ##########
--- --- ---
Combofix Logfile:
Code:
ComboFix 13-02-07.02 - mischa 09.02.2013  9:33.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4085.2424 [GMT 1:00]
ausgeführt von:: c:\users\mischa\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-09 bis 2013-02-09  ))))))))))))))))))))))))))))))
.
.
2013-02-09 08:39 . 2013-02-09 08:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-09 08:33 . 2013-02-09 08:33        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B5EDC8-7932-4FA1-BEB7-5B8D767145C7}\offreg.dll
2013-02-09 04:57 . 2013-01-18 11:15        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B5EDC8-7932-4FA1-BEB7-5B8D767145C7}\mpengine.dll
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\users\mischa\AppData\Roaming\Malwarebytes
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-08 09:19 . 2013-02-08 12:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-08 09:19 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-08 09:18 . 2013-02-08 09:18        --------        d-----w-        c:\users\mischa\AppData\Local\Programs
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-02-08 08:39 . 2013-02-08 08:47        --------        d-----w-        c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-08 08:25 . 2013-02-09 08:24        --------        d-----w-        c:\users\mischa\AppData\Roaming\Wise Care 365
2013-02-08 08:25 . 2013-02-08 08:25        --------        d-----w-        c:\program files (x86)\Wise
2013-02-03 12:03 . 2013-02-03 12:03        --------        d-----w-        c:\windows\de
2013-02-03 12:01 . 2012-09-12 14:20        57856        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2013-02-03 12:00 . 2013-02-03 12:02        --------        d-----w-        c:\program files (x86)\Windows Live
2013-02-03 11:59 . 2010-06-02 03:55        77656        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\SysWow64\XAudio2_7.dll
2013-02-03 11:59 . 2010-06-02 03:55        518488        ----a-w-        c:\windows\system32\XAudio2_7.dll
2013-02-03 11:59 . 2010-05-26 10:41        276832        ----a-w-        c:\windows\system32\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2526056        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\SysWow64\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\SysWow64\D3DCompiler_43.dll
2013-02-03 11:59 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll
2013-02-03 11:59 . 2009-09-04 16:29        523088        ----a-w-        c:\windows\system32\d3dx10_42.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\dsetup32.dll
2013-02-03 11:57 . 2013-02-08 21:14        --------        d-----w-        c:\users\mischa\AppData\Local\Windows Live
2013-01-11 07:53 . 2013-01-11 08:56        --------        d-----w-        c:\users\mischa\AppData\Local\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2011-10-15 17:26        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-09 23:29 . 2011-11-13 18:36        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 08:09        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:09        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-16 11:28 . 2012-12-16 11:28        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-16 11:28 . 2011-10-15 17:41        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-07 13:20 . 2013-01-09 09:21        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:21        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:21        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:21        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 09:20        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 09:20        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 09:20        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 09:20        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 09:20        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 09:20        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 09:20        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 09:20        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 09:20        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 ie4ujnit;eHome-Infrarotempfänger Intelligenter Leistungsindikator-DLL-Host;c:\windows\system32\NlsDbta004a.exe [2012-08-29 106496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-10 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 1088544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 08:29        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-02-08 08:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-23 9639424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-23 870912]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} - file:///E:/CDVIEWER11/CdViewer.cab
FF - ProfilePath - c:\users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-09  09:41:36
ComboFix-quarantined-files.txt  2013-02-09 08:41
ComboFix2.txt  2013-02-09 00:45
.
Vor Suchlauf: 24 Verzeichnis(se), 249.266.282.496 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 249.062.203.392 Bytes frei
.
- - End Of File - - 0C8B85DCD50765B2EF05A2C5FE7D6735
--- --- ---

aharonov 09.02.2013 11:26
Hey,

ich hab gesehen, dass du diese beiden Scans zwei Mal ausgeführt hast.
Kannst du mir bitte noch die beiden Logfiles von den ersten Durchläufen posten?
Beim AdwCleaner ist das die Datei C:\AdwCleaner[S1].txt.
Und bei Combofix findest du das erste Log unter C:\Qoobox\ComboFix2.txt.

Vor allem das Combofix-Log wäre wichtig für mich zu sehen. Beim AdwCleaner ist's egal, wenn du das Log nicht mehr findest.

mischamo 09.02.2013 14:25
Gerne...i

Combofix Logfile:
Code:
ComboFix 13-02-07.02 - mischa 09.02.2013  1:31.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4085.2747 [GMT 1:00]
ausgeführt von:: c:\users\mischa\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
c:\programdata\ism_0_llatsni.pad
c:\programdata\l_u0_0.pad
c:\programdata\pmt_0piot.pad
c:\programdata\ras_0oed.pad
c:\programdata\to_r0tsef.pad
c:\users\mischa\AppData\Roaming\AcroIEHelpe.txt
c:\users\mischa\AppData\Roaming\Help\coredb\storage
c:\users\mischa\AppData\Roaming\srvblck5.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\@
c:\windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\00000004.@
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-09 bis 2013-02-09  ))))))))))))))))))))))))))))))
.
.
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\users\mischa\AppData\Roaming\Malwarebytes
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-08 09:19 . 2013-02-08 12:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-08 09:19 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-08 09:18 . 2013-02-08 09:18        --------        d-----w-        c:\users\mischa\AppData\Local\Programs
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-02-08 08:39 . 2013-02-08 08:47        --------        d-----w-        c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-08 08:25 . 2013-02-09 00:40        --------        d-----w-        c:\users\mischa\AppData\Roaming\Wise Care 365
2013-02-08 08:25 . 2013-02-08 08:25        --------        d-----w-        c:\program files (x86)\Wise
2013-02-03 12:03 . 2013-02-03 12:03        --------        d-----w-        c:\windows\de
2013-02-03 12:01 . 2012-09-12 14:20        57856        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2013-02-03 12:00 . 2013-02-03 12:02        --------        d-----w-        c:\program files (x86)\Windows Live
2013-02-03 11:59 . 2010-06-02 03:55        77656        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\SysWow64\XAudio2_7.dll
2013-02-03 11:59 . 2010-06-02 03:55        518488        ----a-w-        c:\windows\system32\XAudio2_7.dll
2013-02-03 11:59 . 2010-05-26 10:41        276832        ----a-w-        c:\windows\system32\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2526056        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\SysWow64\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\SysWow64\D3DCompiler_43.dll
2013-02-03 11:59 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll
2013-02-03 11:59 . 2009-09-04 16:29        523088        ----a-w-        c:\windows\system32\d3dx10_42.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\dsetup32.dll
2013-02-03 11:57 . 2013-02-08 21:14        --------        d-----w-        c:\users\mischa\AppData\Local\Windows Live
2013-01-11 07:53 . 2013-01-11 08:56        --------        d-----w-        c:\users\mischa\AppData\Local\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 23:29 . 2011-11-13 18:36        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 08:09        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:09        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-16 11:28 . 2012-12-16 11:28        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-16 11:28 . 2011-10-15 17:41        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-07 13:20 . 2013-01-09 09:21        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:21        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:21        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:21        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 09:20        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 09:20        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 09:20        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 09:20        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 09:20        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 09:20        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 09:20        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 09:20        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 09:20        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 ie4ujnit;eHome-Infrarotempfänger Intelligenter Leistungsindikator-DLL-Host;c:\windows\system32\NlsDbta004a.exe [2012-08-29 106496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-10 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 1088544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 08:29        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-02-08 08:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-23 9639424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-23 870912]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} - file:///E:/CDVIEWER11/CdViewer.cab
FF - ProfilePath - c:\users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-09  01:45:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-09 00:45
.
Vor Suchlauf: 16 Verzeichnis(se), 249.710.780.416 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 249.552.105.472 Bytes frei
.
- - End Of File - - EB59E727B5D88F54BFA76B6EC6470044
--- --- ---AdwCleaner Logfile:
Code:
# AdwCleaner v2.111 - Datei am 09/02/2013 um 01:20:24 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mischa - MISCHA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mischa\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\mischa\AppData\Local\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\searchplugins\funmoods.xml
Datei Gelöscht : C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\searchplugins\search.xml
Datei Gelöscht : C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\mischa\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\mischa\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\mischa\AppData\Roaming\Funmoods

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutC0CyE0B0DyCyD0E0C0D0BtD0DtC0CtDtN0D0Tzu0CtAyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1844566800 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Datei : C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\prefs.js

C:\Users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=109958&tl=gcn17189&tt=280812_2003_3512_1");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Gelöscht : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "9BC187DF9C4808B2E75AAE563AFE2A42");
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "e21ed1c00000000000001c4bd65ecdb0");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15581");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1214:06:46");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1214:06:46");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tl=gcn17189&tt=280812_2003_3512_1");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1214:06:46");
Gelöscht : user_pref("extensions.facemoods._xpiupdate", true);
Gelöscht : user_pref("extensions.facemoods.aflt", "_#wbst");
Gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Gelöscht : user_pref("extensions.facemoods.first_time", false);
Gelöscht : user_pref("extensions.facemoods.id", "_#203576a672c140a78f413216e18b5e01");
Gelöscht : user_pref("extensions.facemoods.instlDay", "_#15270");
Gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Gelöscht : user_pref("extensions.facemoods.sid", "_#203576a672c140a78f413216e18b5e01");
Gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
Gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Gelöscht : user_pref("extensions.funmoods.aflt", "ironpub12");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "099F182FBA9E8E50120210ECCE72D4D4");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd[...]
Gelöscht : user_pref("extensions.funmoods.id", "1C4BD65ECDB0D1C0");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15683");
Gelöscht : user_pref("extensions.funmoods.instlRef", "ironpub12");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:8:6");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub1[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:8:6");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:8:6");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=e21ed1c00000000000001c4bd65[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010006&st=12&barid={77E1[...]

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [13927 octets] - [09/02/2013 01:20:24]

########## EOF - C:\AdwCleaner[S1].txt - [13988 octets] ##########
--- --- ---

aharonov 09.02.2013 15:27
Hey,

ok, weiter geht's:


Schritt 1

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschliesslich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link.
  • Speichere es erneut auf den Desktop (wichtig!).
  • Drücke die Windows + R Taste, schreibe notepad in das Ausführen Fenster und drücke OK.
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    http://www.trojaner-board.de/130779-spyhunter-4-optimizer-pro.html#post1008896

    Driver::
    ie4ujnit

    Folder::
    c:\windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}
    c:\Users\mischa\AppData\Local\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}

    Collect::
    c:\windows\system32\NlsDbta004a.exe
  • Speichere dies als CFScript.txt auf deinen Desktop.
  • Wichtig: Stelle deine Antiviren-Software temporär ab. Diese kann ComboFix bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schliesse alle anderen laufenden Programme, damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
    http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist, wird es ein Log erstellen (C:\ComboFix.txt).
  • Bitte füge den Inhalt dieses Logs in deine Antwort ein.
Hinweis: Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2

Starte bitte die OTL.exe.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von OTL

mischamo 09.02.2013 17:44
Irgendwie wird immer ein Neustart erzwungen und combofix. startet erneut.Warum auch immer.
OTL Logfile:
Code:
OTL logfile created on: 09.02.2013 17:34:28 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,72% Memory free
7,98 Gb Paging File | 6,26 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 231,32 Gb Free Space | 54,47% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.02.07 09:35:14 | 001,180,200 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.25 02:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2012.08.30 13:17:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014 [2012.08.10 14:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.09 16:57:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.09 17:30:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.09 16:45:56 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 01:28:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 01:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 01:28:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 01:26:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.08 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
[2013.02.08 09:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013.02.08 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.11 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Thunderbird
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 17:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.09 17:29:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 17:29:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 17:19:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.09 17:19:03 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.09 17:18:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 17:18:49 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 16:57:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.09 16:46:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 09:19:57 | 000,001,501 | ---- | M] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.08 13:41:16 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | M] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:25:46 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 09:19:57 | 000,001,501 | ---- | C] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.09 01:28:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 01:28:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 01:28:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 01:28:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 01:28:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | C] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.08 09:25:46 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2012.07.20 20:19:20 | 000,000,016 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\blckdom.res
[2012.06.07 16:53:25 | 000,000,044 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\urhtps.dat
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.24 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.009
[2012.06.25 17:39:58 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.011
[2012.06.29 11:05:38 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.012
[2012.07.01 17:28:45 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.013
[2012.07.03 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.014
[2012.07.04 18:33:31 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.015
[2012.07.05 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.016
[2012.07.06 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.017
[2012.07.08 07:35:09 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.018
[2012.07.09 07:13:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.019
[2012.07.09 11:31:16 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.020
[2012.07.10 15:40:37 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.021
[2012.07.11 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.022
[2012.07.12 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.023
[2012.07.14 06:52:48 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.024
[2012.07.15 07:07:23 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.025
[2012.07.18 09:13:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.026
[2012.07.18 23:19:28 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.027
[2012.07.21 07:45:40 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.028
[2012.06.07 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13002
[2012.06.09 07:09:23 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13003
[2012.06.12 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13004
[2012.06.14 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13005
[2012.06.15 22:41:14 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13006
[2012.06.18 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13007
[2012.06.19 16:05:00 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13008
[2012.07.21 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.002
[2012.07.23 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.003
[2012.07.25 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.004
[2012.07.27 21:10:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.005
[2012.07.28 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.006
[2012.07.30 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.007
[2012.07.31 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.008
[2012.08.06 16:05:32 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.009
[2012.08.07 12:35:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.010
[2012.08.08 13:00:31 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.011
[2012.08.09 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.012
[2012.08.10 12:29:43 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.013
[2012.08.10 14:24:07 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.014
[2012.08.30 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Diwii
[2013.02.08 09:33:26 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Dropbox
[2012.08.27 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Fuushe
[2012.12.06 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\JDownloaderDownloadManagerPackages
[2012.06.07 08:55:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\kock
[2011.11.02 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\OpenOffice.org
[2012.08.30 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Saiwy
[2012.03.17 09:25:34 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\TeamViewer
[2012.07.26 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Thunderbird
[2012.06.11 07:06:22 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\UAs
[2013.02.09 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
[2012.07.19 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Wuatly
[2012.08.29 07:28:14 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\xmldm
[2012.07.16 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Ykyqv
[2012.07.17 06:49:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Yvar
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
--- --- ---Combofix Logfile:
Code:
ComboFix 13-02-07.02 - mischa 09.02.2013  17:22:24.4.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4085.2726 [GMT 1:00]
ausgeführt von:: c:\users\mischa\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-09 bis 2013-02-09  ))))))))))))))))))))))))))))))
.
.
2013-02-09 16:30 . 2013-02-09 16:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-09 04:57 . 2013-01-18 11:15        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B5EDC8-7932-4FA1-BEB7-5B8D767145C7}\mpengine.dll
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\users\mischa\AppData\Roaming\Malwarebytes
2013-02-08 09:19 . 2013-02-08 09:19        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-08 09:19 . 2013-02-08 12:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-08 09:19 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-08 09:18 . 2013-02-08 09:18        --------        d-----w-        c:\users\mischa\AppData\Local\Programs
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-02-08 08:40 . 2013-02-08 08:40        110080        ----a-r-        c:\users\mischa\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-02-08 08:39 . 2013-02-09 13:19        --------        d-----w-        c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-08 08:25 . 2013-02-09 16:19        --------        d-----w-        c:\users\mischa\AppData\Roaming\Wise Care 365
2013-02-08 08:25 . 2013-02-08 08:25        --------        d-----w-        c:\program files (x86)\Wise
2013-02-03 12:03 . 2013-02-03 12:03        --------        d-----w-        c:\windows\de
2013-02-03 12:01 . 2012-09-12 14:20        57856        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2013-02-03 12:00 . 2013-02-03 12:02        --------        d-----w-        c:\program files (x86)\Windows Live
2013-02-03 11:59 . 2010-06-02 03:55        77656        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_5.dll
2013-02-03 11:59 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\SysWow64\XAudio2_7.dll
2013-02-03 11:59 . 2010-06-02 03:55        518488        ----a-w-        c:\windows\system32\XAudio2_7.dll
2013-02-03 11:59 . 2010-05-26 10:41        276832        ----a-w-        c:\windows\system32\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2526056        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\SysWow64\d3dx11_43.dll
2013-02-03 11:59 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\SysWow64\D3DCompiler_43.dll
2013-02-03 11:59 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll
2013-02-03 11:59 . 2009-09-04 16:29        523088        ----a-w-        c:\windows\system32\d3dx10_42.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\a003385c1ce020504\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        94040        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        525656        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1691480        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\9d4b883c1ce020503\dsetup32.dll
2013-02-03 11:57 . 2013-02-03 11:57        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DSETUP.dll
2013-02-03 11:57 . 2013-02-03 11:57        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\DXSETUP.exe
2013-02-03 11:57 . 2013-02-03 11:57        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\93d49a621ce020501\dsetup32.dll
2013-02-03 11:57 . 2013-02-08 21:14        --------        d-----w-        c:\users\mischa\AppData\Local\Windows Live
2013-01-11 07:53 . 2013-01-11 08:56        --------        d-----w-        c:\users\mischa\AppData\Local\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2011-10-15 17:26        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-09 23:29 . 2011-11-13 18:36        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 08:09        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:09        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:09        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-16 11:28 . 2012-12-16 11:28        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-16 11:28 . 2011-10-15 17:41        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-07 13:20 . 2013-01-09 09:21        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:21        2746368        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:21        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:21        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:21        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:21        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:21        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:21        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:21        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:21        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:21        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:21        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:21        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:21        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:21        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 09:21        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 09:20        362496        ----a-w-        c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 09:20        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 09:20        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 09:20        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 09:20        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 09:20        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 09:20        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 09:20        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 09:20        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 09:20        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 09:20        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-10 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 1088544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 08:29        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08 10:09]
.
2013-02-09 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-02-08 08:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\mischa\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-23 9639424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-23 870912]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} - file:///E:/CDVIEWER11/CdViewer.cab
FF - ProfilePath - c:\users\mischa\AppData\Roaming\Mozilla\Firefox\Profiles\gfnwj2jv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-09  17:32:33
ComboFix-quarantined-files.txt  2013-02-09 16:32
ComboFix2.txt  2013-02-09 16:17
ComboFix3.txt  2013-02-09 08:41
ComboFix4.txt  2013-02-09 00:45
.
Vor Suchlauf: 24 Verzeichnis(se), 248.356.671.488 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 248.280.866.816 Bytes frei
.
- - End Of File - - 237EADB30AC07472737152A993A30CCA
--- --- ---

aharonov 09.02.2013 22:18
Hey,

es wird langsam besser. Bleibt aber schon noch ein bisschen was zu tun.
Wie läuft denn der Rechner jetzt? Hast du noch Probleme?
In den Logs sieht man, dass du dir in letzter Zeit jede Menge Malware eingefangen hast, darunter auch ziemlich unschöne. Wir sollten dann später auch unbedingt den Rechner ein bisschen absichern, bevor noch mehr reinkommt..


Warnung: Information Stealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hattest, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
[2012.06.24 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.009
[2012.06.25 17:39:58 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.011
[2012.06.29 11:05:38 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.012
[2012.07.01 17:28:45 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.013
[2012.07.03 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.014
[2012.07.04 18:33:31 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.015
[2012.07.05 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.016
[2012.07.06 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.017
[2012.07.08 07:35:09 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.018
[2012.07.09 07:13:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.019
[2012.07.09 11:31:16 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.020
[2012.07.10 15:40:37 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.021
[2012.07.11 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.022
[2012.07.12 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.023
[2012.07.14 06:52:48 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.024
[2012.07.15 07:07:23 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.025
[2012.07.18 09:13:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.026
[2012.07.18 23:19:28 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.027
[2012.07.21 07:45:40 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13001.028
[2012.06.07 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13002
[2012.06.09 07:09:23 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13003
[2012.06.12 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13004
[2012.06.14 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13005
[2012.06.15 22:41:14 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13006
[2012.06.18 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13007
[2012.06.19 16:05:00 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\13008
[2012.07.21 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.002
[2012.07.23 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.003
[2012.07.25 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.004
[2012.07.27 21:10:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.005
[2012.07.28 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.006
[2012.07.30 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.007
[2012.07.31 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.008
[2012.08.06 16:05:32 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.009
[2012.08.07 12:35:33 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.010
[2012.08.08 13:00:31 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.011
[2012.08.09 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.012
[2012.08.10 12:29:43 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.013
[2012.08.10 14:24:07 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\14001.014
[2012.06.07 08:55:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\kock
[2012.06.11 07:06:22 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\UAs
[2012.07.19 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Wuatly
[2012.08.29 07:28:14 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\xmldm
[2012.06.07 16:53:25 | 000,000,044 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\urhtps.dat
[2012.07.16 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Ykyqv
[2012.07.17 06:49:20 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Yvar
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
[2012.07.20 20:19:20 | 000,000,016 | ---- | C] () -- C:\Users\mischa\AppData\Roaming\blckdom.res

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
  • Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.
Falls Funde angezeigt werden:
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
  • Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.
Das Tool wird im erstellten Ordner ein Logfile (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste dessen Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.



Schritt 3
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 4

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 5

Starte bitte die OTL.exe.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAR
  • Log von MBAM
  • Log von ESET
  • Log von OTL

mischamo 10.02.2013 09:39
Hey,

das ist ja mehr als sch....ich hoffe es besteht keine unmittelbare Gefahr für meine Daten.Mein Umgang war wohl etwas leichtfertig......

Aus meiner Sicht läuft der Rechner gut aber ich bin Laie und SpyHunter4 ist noch da..

Zwischendurch auch schon mal mein Dank an dich !

All processes killed
========== OTL ==========
C:\Users\mischa\AppData\Roaming\13001.009\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.009 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.011\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.011 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.012\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.012 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.013\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.013 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.014\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.014 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.015\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.015 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.017\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.017 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.018\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.018 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.019\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.019 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.020\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.020 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.021\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.021 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.022\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.022 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.023\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.023 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.024\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.024 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.028\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.028 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13002\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13002 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13003\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13003 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13004\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13004 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13005\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13005 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13006\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13006 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13007\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13007 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13008\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13008 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.002\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.002 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.003\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.003 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.004\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.004 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.005\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.005 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.006\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.006 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.007\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.007 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.008\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.008 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.009\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.009 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.010\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.010 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.011\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.011 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.012\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.012 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.013\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.013 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.014\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.014 folder moved successfully.
C:\Users\mischa\AppData\Roaming\kock folder moved successfully.
C:\Users\mischa\AppData\Roaming\UAs folder moved successfully.
C:\Users\mischa\AppData\Roaming\Wuatly folder moved successfully.
C:\Users\mischa\AppData\Roaming\xmldm folder moved successfully.
C:\Users\mischa\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\mischa\AppData\Roaming\Ykyqv folder moved successfully.
C:\Users\mischa\AppData\Roaming\Yvar folder moved successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
C:\Users\mischa\AppData\Roaming\blckdom.res moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mischa
->Temp folder emptied: 3024 bytes
->Temporary Internet Files folder emptied: 3949654 bytes
->Java cache emptied: 1364735 bytes
->FireFox cache emptied: 80463285 bytes
->Google Chrome cache emptied: 115930941 bytes
->Flash cache emptied: 616 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3613801 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 196,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02092013_232300

Files\Folders moved on Reboot...
C:\Users\mischa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free anti-malware download

Database version: v2013.02.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mischa :: MISCHA-PC [administrator]

09.02.2013 23:47:20
mbar-log-2013-02-09 (23-47-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28625
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\mischa\Downloads\triggerfinger__all_this_dancin_around_2012_id3637671id.exe (PUP.Adware.MediaGet) -> Delete on reboot.

(end)
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free anti-malware download

Database version: v2013.02.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mischa :: MISCHA-PC [administrator]

10.02.2013 00:13:05
mbar-log-2013-02-10 (00-13-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28588
Time elapsed: 19 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
2013/02/10 00:17:59 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:18:00 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:18:10 +0100 MISCHA-PC mischa MESSAGE Protection stopped
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Starting protection
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Protection started successfully
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Starting IP protection
2013/02/10 00:18:24 +0100 MISCHA-PC mischa MESSAGE IP Protection started successfully
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE Starting database refresh
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:18:40 +0100 MISCHA-PC mischa MESSAGE Database refreshed successfully
2013/02/10 00:18:40 +0100 MISCHA-PC mischa MESSAGE Starting IP protection
2013/02/10 00:18:45 +0100 MISCHA-PC mischa MESSAGE IP Protection started successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Stopping protection
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Protection stopped successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Protection stopped
C:\Qoobox\Quarantine\C\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Users\mischa\Documents\Mischa Windows Old\AppData\Local\Temp\Low\Recycle.Bi\12A5481B0BFE8C4 Win32/Spy.SpyEye.CFG.A trojan
C:\_OTL\MovedFiles\02092013_232300\C_Users\mischa\AppData\Roaming\14001.014\components\AcroFF014.dll a variant of Win32/Spy.Banker.YIL trojanOTL Logfile:
Code:
OTL logfile created on: 10.02.2013 08:38:55 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,26% Memory free
7,98 Gb Paging File | 6,07 Gb Available in Paging File | 76,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 230,92 Gb Free Space | 54,38% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:33:37 | 012,459,888 | ---- | M] () -- C:\Users\mischa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.25 02:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2012.08.30 13:17:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.09 16:57:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.10 00:23:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:16:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:32:39 | 006,292,552 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.09 23:32:39 | 002,169,416 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.09 23:32:39 | 002,030,664 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.09 23:32:39 | 001,363,528 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.09 23:32:39 | 001,093,192 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.09 23:32:39 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.09 23:32:39 | 000,500,296 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Languages
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\imageformats
[2013.02.09 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Data
[2013.02.09 23:23:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.09 17:30:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.09 16:45:56 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 01:28:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 01:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 01:28:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 01:26:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.08 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
[2013.02.08 09:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013.02.08 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.11 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 08:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 00:23:50 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.10 00:23:05 | 002,347,384 | ---- | M] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:18:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.10 00:16:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:57:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 23:57:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 23:49:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.09 23:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 23:49:22 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 23:31:12 | 013,711,621 | ---- | M] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 16:57:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.09 16:46:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 09:19:57 | 000,001,501 | ---- | M] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.08 13:41:16 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 09:40:53 | 000,002,264 | ---- | M] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:25:46 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.05 14:50:22 | 006,292,552 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.05 14:50:22 | 002,169,416 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.05 14:50:22 | 002,030,664 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.05 14:50:22 | 001,093,192 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.05 14:50:21 | 000,500,296 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.05 14:50:19 | 001,363,528 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.05 14:50:19 | 000,748,616 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 23:32:40 | 000,540,917 | ---- | C] () -- C:\Users\mischa\Desktop\ReadMe.rtf
[2013.02.09 23:32:39 | 000,067,432 | ---- | C] () -- C:\Users\mischa\Desktop\License.rtf
[2013.02.09 23:30:52 | 013,711,621 | ---- | C] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 09:19:57 | 000,001,501 | ---- | C] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.09 01:28:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 01:28:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 01:28:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 01:28:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 01:28:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | C] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.08 09:25:46 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Diwii
[2013.02.08 09:33:26 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Dropbox
[2012.08.27 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Fuushe
[2012.12.06 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\JDownloaderDownloadManagerPackages
[2011.11.02 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\OpenOffice.org
[2012.08.30 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Saiwy
[2012.03.17 09:25:34 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\TeamViewer
[2012.07.26 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Thunderbird
[2013.02.09 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Hey,

das ist ja mehr als sch....ich hoffe es besteht keine unmittelbare Gefahr für meine Daten.Mein Umgang war wohl etwas leichtfertig......

Aus meiner Sicht läuft der Rechner gut aber ich bin Laie und SpyHunter4 ist noch da..

Zwischendurch auch schon mal mein Dank an dich !

All processes killed
========== OTL ==========
C:\Users\mischa\AppData\Roaming\13001.009\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.009 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.011\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.011 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.012\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.012 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.013\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.013 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.014\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.014 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.015\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.015 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.017\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.017 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.018\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.018 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.019\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.019 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.020\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.020 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.021\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.021 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.022\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.022 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.023\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.023 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.024\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.024 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.028\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13001.028 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13002\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13002 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13003\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13003 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13004\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13004 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13005\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13005 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13006\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13006 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13007\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13007 folder moved successfully.
C:\Users\mischa\AppData\Roaming\13008\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\13008 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.002\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.002 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.003\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.003 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.004\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.004 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.005\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.005 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.006\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.006 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.007\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.007 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.008\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.008 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.009\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.009 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.010\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.010 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.011\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.011 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.012\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.012 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.013\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.013 folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.014\components folder moved successfully.
C:\Users\mischa\AppData\Roaming\14001.014 folder moved successfully.
C:\Users\mischa\AppData\Roaming\kock folder moved successfully.
C:\Users\mischa\AppData\Roaming\UAs folder moved successfully.
C:\Users\mischa\AppData\Roaming\Wuatly folder moved successfully.
C:\Users\mischa\AppData\Roaming\xmldm folder moved successfully.
C:\Users\mischa\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\mischa\AppData\Roaming\Ykyqv folder moved successfully.
C:\Users\mischa\AppData\Roaming\Yvar folder moved successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
C:\Users\mischa\AppData\Roaming\blckdom.res moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mischa
->Temp folder emptied: 3024 bytes
->Temporary Internet Files folder emptied: 3949654 bytes
->Java cache emptied: 1364735 bytes
->FireFox cache emptied: 80463285 bytes
->Google Chrome cache emptied: 115930941 bytes
->Flash cache emptied: 616 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3613801 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 196,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02092013_232300

Files\Folders moved on Reboot...
C:\Users\mischa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free anti-malware download

Database version: v2013.02.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mischa :: MISCHA-PC [administrator]

09.02.2013 23:47:20
mbar-log-2013-02-09 (23-47-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28625
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\mischa\Downloads\triggerfinger__all_this_dancin_around_2012_id3637671id.exe (PUP.Adware.MediaGet) -> Delete on reboot.

(end)
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free anti-malware download

Database version: v2013.02.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mischa :: MISCHA-PC [administrator]

10.02.2013 00:13:05
mbar-log-2013-02-10 (00-13-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28588
Time elapsed: 19 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
2013/02/10 00:17:59 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:18:00 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:18:10 +0100 MISCHA-PC mischa MESSAGE Protection stopped
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Starting protection
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Protection started successfully
2013/02/10 00:18:21 +0100 MISCHA-PC mischa MESSAGE Starting IP protection
2013/02/10 00:18:24 +0100 MISCHA-PC mischa MESSAGE IP Protection started successfully
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE Starting database refresh
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:18:37 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:18:40 +0100 MISCHA-PC mischa MESSAGE Database refreshed successfully
2013/02/10 00:18:40 +0100 MISCHA-PC mischa MESSAGE Starting IP protection
2013/02/10 00:18:45 +0100 MISCHA-PC mischa MESSAGE IP Protection started successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Stopping protection
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Protection stopped successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Stopping IP protection
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE IP Protection stopped successfully
2013/02/10 00:23:43 +0100 MISCHA-PC mischa MESSAGE Protection stopped
C:\Qoobox\Quarantine\C\Windows\Installer\{b9108c6b-a523-9cc9-f8d0-5a2152aedf5a}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Users\mischa\Documents\Mischa Windows Old\AppData\Local\Temp\Low\Recycle.Bi\12A5481B0BFE8C4 Win32/Spy.SpyEye.CFG.A trojan
C:\_OTL\MovedFiles\02092013_232300\C_Users\mischa\AppData\Roaming\14001.014\components\AcroFF014.dll a variant of Win32/Spy.Banker.YIL trojanOTL Logfile:
Code:
OTL logfile created on: 10.02.2013 08:38:55 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,26% Memory free
7,98 Gb Paging File | 6,07 Gb Available in Paging File | 76,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 230,92 Gb Free Space | 54,38% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:33:37 | 012,459,888 | ---- | M] () -- C:\Users\mischa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.25 02:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2012.08.30 13:17:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.09 16:57:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.10 00:23:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:16:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:32:39 | 006,292,552 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.09 23:32:39 | 002,169,416 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.09 23:32:39 | 002,030,664 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.09 23:32:39 | 001,363,528 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.09 23:32:39 | 001,093,192 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.09 23:32:39 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.09 23:32:39 | 000,500,296 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Languages
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\imageformats
[2013.02.09 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Data
[2013.02.09 23:23:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.09 17:30:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.09 16:45:56 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 01:28:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 01:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 01:28:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 01:26:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.08 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
[2013.02.08 09:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013.02.08 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.11 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 08:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 00:23:50 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.10 00:23:05 | 002,347,384 | ---- | M] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:18:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.10 00:16:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:57:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 23:57:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 23:49:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.09 23:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 23:49:22 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 23:31:12 | 013,711,621 | ---- | M] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 16:57:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.09 16:46:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 09:19:57 | 000,001,501 | ---- | M] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.08 13:41:16 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 09:40:53 | 000,002,264 | ---- | M] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:25:46 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.05 14:50:22 | 006,292,552 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.05 14:50:22 | 002,169,416 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.05 14:50:22 | 002,030,664 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.05 14:50:22 | 001,093,192 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.05 14:50:21 | 000,500,296 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.05 14:50:19 | 001,363,528 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.05 14:50:19 | 000,748,616 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 23:32:40 | 000,540,917 | ---- | C] () -- C:\Users\mischa\Desktop\ReadMe.rtf
[2013.02.09 23:32:39 | 000,067,432 | ---- | C] () -- C:\Users\mischa\Desktop\License.rtf
[2013.02.09 23:30:52 | 013,711,621 | ---- | C] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 09:19:57 | 000,001,501 | ---- | C] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.09 01:28:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 01:28:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 01:28:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 01:28:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 01:28:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:40:53 | 000,002,264 | ---- | C] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.08 09:25:46 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Diwii
[2013.02.08 09:33:26 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Dropbox
[2012.08.27 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Fuushe
[2012.12.06 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\JDownloaderDownloadManagerPackages
[2011.11.02 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\OpenOffice.org
[2012.08.30 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Saiwy
[2012.03.17 09:25:34 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\TeamViewer
[2012.07.26 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Thunderbird
[2013.02.09 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\mischa\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

aharonov 10.02.2013 12:36
Hey,

Zitat:
ich hoffe es besteht keine unmittelbare Gefahr für meine Daten.
Eine unmittelbare Gefahr seh ich keine mehr. Aber in der Vergangenheit wurde reichlich mitgeloggt, das kann man nicht mehr rückgängig machen.. Ändere einfach jetzt alle Zugangsdaten und sei in Zukunft achtsamer, dass es nicht wieder passiert.

Wohl ein Hauptgrund für all die Malware auf deinem Rechner ist die veraltete Software, die du nutzt. Die müssen wir unbedingt jetzt noch updaten.


Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall Wise Care 365.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
zu deinstallieren.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
[2013.02.08 09:40:53 | 000,002,264 | ---- | C] () -- C:\Users\mischa\Desktop\SpyHunter.lnk
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
[2013.02.08 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

:files
C:\Programme\Enigma Software Group
C:\Users\mischa\Documents\Mischa Windows Old\AppData\Local\Temp

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}"=-
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 13.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".



Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 4

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Überprüfe dann mit diesem Plugin-Check, ob nun deine verwendeten Versionen aktuell sind.



Schritt 5

Starte bitte die OTL.exe.
  • Unter Extra Registry, wähle Use SafeList.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Logs von OTL

mischamo 10.02.2013 14:18
========== OTL ==========
File C:\Users\mischa\Desktop\SpyHunter.lnk not found.
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
File C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Folder C:\Users\mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\ not found.
========== FILES ==========
File\Folder C:\Programme\Enigma Software Group not found.
File\Folder C:\Users\mischa\Documents\Mischa Windows Old\AppData\Local\Temp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02102013_134534OTL Logfile:
Code:
OTL logfile created on: 10.02.2013 14:04:04 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,92% Memory free
7,98 Gb Paging File | 6,19 Gb Available in Paging File | 77,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 229,88 Gb Free Space | 54,13% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:33:37 | 012,459,888 | ---- | M] () -- C:\Users\mischa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.10 14:00:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2013.02.10 14:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2013.02.10 14:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Users\mischa\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.09 16:57:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 14:00:25 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Firefox
[2013.02.10 13:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.10 13:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.10 13:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.10 13:51:51 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.10 13:51:51 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.10 13:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.10 13:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.10 13:51:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.10 13:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.10 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.10 00:23:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:16:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:32:39 | 006,292,552 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.09 23:32:39 | 002,169,416 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.09 23:32:39 | 002,030,664 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.09 23:32:39 | 001,363,528 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.09 23:32:39 | 001,093,192 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.09 23:32:39 | 000,774,728 | ---- | C] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcr100.dll
[2013.02.09 23:32:39 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.09 23:32:39 | 000,500,296 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.09 23:32:39 | 000,421,960 | ---- | C] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcp100.dll
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Languages
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\imageformats
[2013.02.09 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Data
[2013.02.09 23:23:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.09 17:30:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.09 16:45:56 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 01:28:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 01:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 01:28:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 01:26:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:01:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:59:59 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.02.03 12:59:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.02.03 12:59:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.02.03 12:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 13:55:48 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.10 13:51:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.10 13:51:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.10 13:51:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.10 13:51:30 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.10 13:51:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.10 13:51:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.10 13:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 13:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.10 13:30:54 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.10 10:57:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 10:57:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 10:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 10:49:07 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.10 09:03:59 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.10 00:23:05 | 002,347,384 | ---- | M] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:18:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.10 00:16:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:31:12 | 013,711,621 | ---- | M] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 16:57:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.09 16:46:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 09:19:57 | 000,001,501 | ---- | M] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.05 14:50:22 | 006,292,552 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.05 14:50:22 | 002,169,416 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.05 14:50:22 | 002,030,664 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.05 14:50:22 | 001,093,192 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.05 14:50:22 | 000,774,728 | ---- | M] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcr100.dll
[2013.02.05 14:50:22 | 000,421,960 | ---- | M] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcp100.dll
[2013.02.05 14:50:21 | 000,500,296 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.05 14:50:19 | 001,363,528 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.05 14:50:19 | 000,748,616 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 13:55:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.10 13:55:48 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.09 23:32:40 | 000,540,917 | ---- | C] () -- C:\Users\mischa\Desktop\ReadMe.rtf
[2013.02.09 23:32:39 | 000,067,432 | ---- | C] () -- C:\Users\mischa\Desktop\License.rtf
[2013.02.09 23:30:52 | 013,711,621 | ---- | C] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 09:19:57 | 000,001,501 | ---- | C] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.09 01:28:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 01:28:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 01:28:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 01:28:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 01:28:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 10.02.2013 14:04:04 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mischa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,92% Memory free
7,98 Gb Paging File | 6,19 Gb Available in Paging File | 77,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 229,88 Gb Free Space | 54,13% Space Free | Partition Type: NTFS
 
Computer Name: MISCHA-PC | User Name: mischa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mischa\Downloads\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 19:42:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:33:37 | 012,459,888 | ---- | M] () -- C:\Users\mischa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.10 14:00:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:31:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.09 07:31:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:31:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.19 16:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.01.10 17:49:30 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 0E 7E 74 5D 8B CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=5762&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2013.02.10 14:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Firefox\components [2013.02.10 14:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Users\mischa\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\mischa\AppData\Roaming\14001.014
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Users\mischa\AppData\Local\Mozilla Thunderbird\components [2013.01.11 08:53:55 | 000,000,000 | ---D | M]
 
[2011.10.15 19:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Extensions
[2012.12.28 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mischa\AppData\Roaming\mozilla\Firefox\Profiles\gfnwj2jv.default\extensions
[2012.12.09 09:30:58 | 000,003,576 | ---- | M] () -- C:\Users\mischa\AppData\Roaming\mozilla\firefox\profiles\gfnwj2jv.default\searchplugins\Google.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mischa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.09 16:57:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} file:///E:/CDVIEWER11/CdViewer.cab (AMI DicomDir TreeView Control 1.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER21/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1F19A2-A837-4E6C-A936-CE1FFB84DB86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 14:00:25 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Mozilla Firefox
[2013.02.10 13:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.10 13:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.10 13:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.10 13:51:51 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.10 13:51:51 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.10 13:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.10 13:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.10 13:51:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.10 13:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.10 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.10 00:23:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:16:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:32:39 | 006,292,552 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.09 23:32:39 | 002,169,416 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.09 23:32:39 | 002,030,664 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.09 23:32:39 | 001,363,528 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.09 23:32:39 | 001,093,192 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.09 23:32:39 | 000,774,728 | ---- | C] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcr100.dll
[2013.02.09 23:32:39 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.09 23:32:39 | 000,500,296 | ---- | C] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.09 23:32:39 | 000,421,960 | ---- | C] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcp100.dll
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Languages
[2013.02.09 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\imageformats
[2013.02.09 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\mischa\Desktop\Data
[2013.02.09 23:23:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.09 17:30:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.09 16:45:56 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 01:28:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 01:28:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 01:28:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 01:26:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 01:26:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Roaming\Malwarebytes
[2013.02.08 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:19:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.08 10:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.08 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Programs
[2013.02.03 15:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.03 13:03:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.03 13:01:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013.02.03 13:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.03 12:59:59 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.02.03 12:59:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.02.03 12:59:59 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.02.03 12:59:59 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.02.03 12:59:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.02.03 12:59:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.02.03 12:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.02.03 12:57:00 | 000,000,000 | ---D | C] -- C:\Users\mischa\AppData\Local\Windows Live
[2013.02.01 17:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 13:55:48 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.10 13:51:31 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.10 13:51:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.10 13:51:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.10 13:51:30 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.10 13:51:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.10 13:51:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.10 13:34:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 13:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.10 13:30:54 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.10 10:57:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 10:57:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 10:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 10:49:07 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.10 09:03:59 | 000,001,428 | ---- | M] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.10 00:23:05 | 002,347,384 | ---- | M] (ESET) -- C:\Users\mischa\Desktop\esetsmartinstaller_enu.exe
[2013.02.10 00:18:14 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.10 00:16:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\mischa\Desktop\mbam-setup-1.70.0.1100 (1).exe
[2013.02.09 23:31:12 | 013,711,621 | ---- | M] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 16:57:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.09 16:46:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\mischa\Desktop\ComboFix.exe
[2013.02.09 09:19:57 | 000,001,501 | ---- | M] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | M] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | M] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | M] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | M] () -- C:\Users\mischa\defogger_reenable
[2013.02.05 22:38:03 | 000,138,254 | ---- | M] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.05 14:50:22 | 006,292,552 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtGui4.dll
[2013.02.05 14:50:22 | 002,169,416 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamnet.dll
[2013.02.05 14:50:22 | 002,030,664 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Users\mischa\Desktop\QtCore4.dll
[2013.02.05 14:50:22 | 001,093,192 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbamcore.dll
[2013.02.05 14:50:22 | 000,774,728 | ---- | M] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcr100.dll
[2013.02.05 14:50:22 | 000,421,960 | ---- | M] (Microsoft Corporation) -- C:\Users\mischa\Desktop\msvcp100.dll
[2013.02.05 14:50:21 | 000,500,296 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbam.dll
[2013.02.05 14:50:19 | 001,363,528 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\mbar.exe
[2013.02.05 14:50:19 | 000,748,616 | ---- | M] (Malwarebytes Corporation) -- C:\Users\mischa\Desktop\fixdamage.exe
[2013.02.04 12:22:10 | 000,001,923 | ---- | M] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.01 17:28:30 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.01 09:23:59 | 000,014,284 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2012 - Kopie.odt
[2013.02.01 09:18:40 | 000,013,066 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2011 - Kopie.odt
[2013.02.01 08:58:48 | 000,013,098 | ---- | M] () -- C:\Users\mischa\Documents\Stunden 2010 - Kopie.odt
[2013.01.30 08:58:00 | 000,001,025 | ---- | M] () -- C:\Users\mischa\Desktop\Dropbox.lnk
[2013.01.18 16:00:38 | 000,020,253 | ---- | M] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2013.01.12 00:58:09 | 000,002,263 | ---- | M] () -- C:\Users\mischa\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.10 13:55:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.10 13:55:48 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.09 23:32:40 | 000,540,917 | ---- | C] () -- C:\Users\mischa\Desktop\ReadMe.rtf
[2013.02.09 23:32:39 | 000,067,432 | ---- | C] () -- C:\Users\mischa\Desktop\License.rtf
[2013.02.09 23:30:52 | 013,711,621 | ---- | C] () -- C:\Users\mischa\Desktop\mbar-1.01.0.1020.zip
[2013.02.09 09:19:57 | 000,001,501 | ---- | C] () -- C:\Users\mischa\Desktop\adwcleaner - Verknüpfung.lnk
[2013.02.09 01:28:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 01:28:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 01:28:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 01:28:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 01:28:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:41:16 | 000,001,428 | ---- | C] () -- C:\Users\mischa\Desktop\OTL - Verknüpfung.lnk
[2013.02.08 13:34:50 | 000,000,759 | ---- | C] () -- C:\Users\mischa\Desktop\gmer.tex - Verknüpfung.lnk
[2013.02.08 13:26:28 | 000,001,166 | ---- | C] () -- C:\Users\mischa\Desktop\hhhmt89c - Verknüpfung.lnk
[2013.02.08 13:10:28 | 000,001,483 | ---- | C] () -- C:\Users\mischa\Desktop\v8hexwbw - Verknüpfung.lnk
[2013.02.08 13:08:34 | 000,000,000 | ---- | C] () -- C:\Users\mischa\defogger_reenable
[2013.02.08 10:19:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.08 09:26:22 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013.02.04 12:22:10 | 000,001,923 | ---- | C] () -- C:\Users\mischa\Documents\Mein Film.wlmp
[2013.02.03 17:47:59 | 000,138,254 | ---- | C] () -- C:\Users\mischa\Documents\Mein FilmFinnland 2011.wlmp
[2013.02.03 13:03:01 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.03 13:02:53 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.03 13:02:35 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.02.03 13:02:24 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.01.18 15:49:27 | 000,020,253 | ---- | C] () -- C:\Users\mischa\Documents\Placke Hoch.odt
[2012.01.15 09:54:05 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.22 19:23:46 | 003,008,021 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 016.JPG
[2011.11.22 19:23:10 | 002,644,198 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-11 012.JPG
[2011.11.22 19:22:05 | 002,952,465 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 017.JPG
[2011.11.22 19:21:13 | 002,874,154 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 015.JPG
[2011.11.22 19:19:55 | 002,705,651 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-10 003.JPG
[2011.11.22 19:18:38 | 002,601,578 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 031.JPG
[2011.11.22 19:17:43 | 002,566,700 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-06 003.JPG
[2011.11.22 19:16:21 | 002,951,612 | ---- | C] () -- C:\Users\mischa\Finnland 2011 2011-02-03 018.JPG
[2011.10.09 11:33:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.10.06 16:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:03 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132