Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner TR/Spy.Banker.YF - Online Banking Probleme (https://www.trojaner-board.de/136357-trojaner-tr-spy-banker-yf-online-banking-probleme.html)

carina145 10.06.2013 21:52
Trojaner TR/Spy.Banker.YF - Online Banking Probleme
 
Hallo liebe Trojaner-Helfer,

habe leider einen neuen Mitbewohner auf meinem PC der Trojaner TR/Spy.Banker.YF.

Was kann ich denn gegen diesen tun? Seitdem ich diesen Trojaner auf meinem PC habe kommt bei meinem Online Banking ein Aufruf von TÜV dass ich meine Handynummer eingeben soll wegen der neuen Smart 1.2 App ab 15.06.2013.

Habe jetzt als erste Maßnahme mein Bankkonto gesperrt. Lasse gerade Anti Vir sowie Malware Bytes darüber laufen. Nur als kleine Anmerkung ich kann mein System nicht neuinstallieren,
da sind ganz wichtige Daten darauf und meine externe FP habe ich die nächsten Tage nicht zur Hand.

Vielen Dank dass ihr mir helft!!

hab gerade das logfile von Malware Bytes erhalten:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.06.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Carina :: CARINA-PC [Administrator]

10.06.2013 22:30:34
mbam-log-2013-06-10 (22-30-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213126
Laufzeit: 28 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1980 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Keine Aktion durchgeführt.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Daten: Search-Results Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Carina\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Keine Aktion durchgeführt.
C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Keine Aktion durchgeführt.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Carina\AppData\Local\Temp\gugrerulre.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Carina\AppData\Local\Temp\rnzlbrlins.pre (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

aharonov 10.06.2013 22:28
Hallo,

da müssen wir einen genaueren Blick in dein System werfen:
Arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles hier.

carina145 11.06.2013 15:41
OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 4:23:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Carina\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.12% Memory free
5.73 Gb Paging File | 3.96 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 247.91 Gb Free Space | 58.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
 
Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 16:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Downloads\OTL.exe
PRC - [2013/06/05 15:02:56 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Carina\AppData\Local\Smartbar\Application\Linkury.exe
PRC - [2013/05/24 14:27:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 20:06:03 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/16 14:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013/05/16 14:32:46 | 001,016,112 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 10:06:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/01 14:27:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/11 14:55:31 | 000,107,520 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files\FilesFrog Update Checker\update_checker.exe
PRC - [2012/11/18 09:50:52 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/10/04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2012/07/12 14:24:28 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/20 07:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/05 15:03:36 | 000,021,272 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/06/05 15:03:32 | 000,025,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/06/05 15:03:30 | 000,019,736 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/06/05 15:03:26 | 000,013,592 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/06/05 15:03:24 | 000,245,528 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
MOD - [2013/06/05 15:03:24 | 000,051,480 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/06/05 15:03:22 | 000,111,896 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/06/05 15:03:20 | 000,051,480 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/06/05 15:03:18 | 000,016,152 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/06/05 15:03:16 | 000,078,104 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/06/05 15:03:12 | 000,149,784 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/06/05 15:03:12 | 000,057,112 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/06/05 15:03:06 | 000,012,568 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/06/05 15:03:04 | 000,032,024 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/06/05 15:03:04 | 000,014,104 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/06/05 15:03:04 | 000,013,592 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/06/05 15:03:02 | 001,725,208 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/06/05 15:03:00 | 000,729,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/06/05 15:03:00 | 000,081,176 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/06/05 15:01:54 | 000,047,384 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/06/05 15:01:46 | 000,025,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013/05/24 14:27:33 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/19 10:39:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/19 10:39:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/16 20:06:03 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/05/16 14:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013/05/16 14:32:02 | 000,291,840 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013/05/16 14:02:42 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2013/04/25 12:28:44 | 000,099,096 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\extensions\{bcf71921-e89e-4762-a1b5-f3d26650e9e2}\components\SmartbarFireFoxRemotePlugin_21.dll
MOD - [2013/02/17 22:18:22 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/17 22:18:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/14 20:51:38 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/14 20:50:57 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/14 19:10:24 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/14 19:10:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/14 19:10:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/14 19:09:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/14 19:08:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013/01/14 19:08:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/14 19:08:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/24 19:12:50 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2012/06/24 15:39:23 | 000,910,680 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/06/24 15:39:22 | 000,145,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012/06/06 02:59:04 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/01/10 15:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/16 20:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/16 14:32:46 | 001,016,112 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 14:55:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2012/04/14 17:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/06/11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/01 14:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/01 14:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/01 14:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/12/18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/22 20:19:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/09 16:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2507441001194275&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.196.5.253:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.0
FF - prefs.js..extensions.enabledAddons: %7Bbcf71921-e89e-4762-a1b5-f3d26650e9e2%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&installDate={installDate}&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/08 14:10:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Carina\AppData\Roaming\17001.006 [2012/12/17 16:43:44 | 000,000,000 | ---D | M]
 
[2012/12/20 19:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions
[2011/03/14 23:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/06/05 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions
[2013/06/05 19:11:44 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions\{bcf71921-e89e-4762-a1b5-f3d26650e9e2}
[2013/05/11 15:21:46 | 000,027,737 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\extensions\addon@defaulttab.com.xpi
[2013/05/22 15:40:54 | 000,195,916 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/06/11 16:16:10 | 000,002,025 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\searchplugins\search-here.xml
[2013/06/08 21:12:09 | 000,002,499 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\searchplugins\Web Search.xml
[2013/05/24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/06 18:11:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/24 14:27:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/31 12:47:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/11/14 19:23:32 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/09 14:26:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/11/21 19:09:45 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970
CHR - Extension: Linkury Smartbar = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Carina\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKCU..\Run: [dnsr] "C:\Users\Carina\AppData\Roaming\dnsr.exe" -autorun File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [mxbblcen] C:\Users\Carina\AppData\Local\Temp\Njnx\isnrrbllcen.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [puoomizl] C:\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [winkpack] C:\Users\Carina\AppData\Roaming\winkpack.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C303074-C9F1-4EE6-A9FB-97E51046D57B}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0587236b-15f7-11e2-865c-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{0587236b-15f7-11e2-865c-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe
O33 - MountPoints2\{d634d92d-f40d-11df-a944-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{d634d92d-f40d-11df-a944-00262dc0835e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e04c2248-0a0b-11e2-bdab-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{e04c2248-0a0b-11e2-bdab-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe
O33 - MountPoints2\{e24850c6-4a61-11e0-a90e-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{e24850c6-4a61-11e0-a90e-00262dc0835e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e24850ed-4a61-11e0-a90e-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{e24850ed-4a61-11e0-a90e-00262dc0835e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f75005a8-09a3-11e2-bafa-00262dc0835e}\Shell - "" = AutoRun
O33 - MountPoints2\{f75005a8-09a3-11e2-bafa-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 07:37:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/10 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes
[2013/06/10 22:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/10 22:29:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/10 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/10 07:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Carina\AppData\Roaming\Brokxkwet
[2013/06/08 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/06/08 14:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/06/08 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/08 14:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/06/08 14:09:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/22 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\{12B5A6C9-392E-4189-8121-18B4EF705BB0}
[2013/05/22 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Carina\Tracing
[2013/05/22 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carina\Local Settings
[2013/05/22 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/05/22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/05/22 15:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013/05/22 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/05/22 15:40:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/05/22 15:40:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/05/22 15:40:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013/05/22 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
[2013/05/22 15:40:11 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013/05/22 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker
[2013/05/18 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Lieder
[2 C:\Users\Carina\AppData\Roaming\*.tmp files -> C:\Users\Carina\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 16:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 08:09:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 08:09:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 08:01:00 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 07:59:30 | 000,000,020 | ---- | M] () -- C:\Users\Carina\defogger_reenable
[2013/06/11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/11 06:34:24 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013/06/11 06:34:11 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013/06/11 06:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 06:34:10 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/11 06:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 22:29:36 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 22:01:53 | 000,081,170 | ---- | M] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013/06/10 20:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013/06/10 17:52:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013/06/10 17:48:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 17:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/06/08 17:18:45 | 000,002,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/06/08 14:10:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/08 12:31:49 | 000,046,709 | ---- | M] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013/06/08 12:28:55 | 000,047,080 | ---- | M] () -- C:\Users\Carina\Desktop\Lebenslauf aktuell.pdf
[2013/05/24 23:43:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/19 12:43:50 | 019,491,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/19 12:43:50 | 006,254,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/19 12:43:50 | 000,300,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/19 12:43:50 | 000,038,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/19 10:38:25 | 000,482,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/16 14:32:46 | 001,016,112 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013/05/16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2 C:\Users\Carina\AppData\Roaming\*.tmp files -> C:\Users\Carina\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/11 07:59:01 | 000,000,020 | ---- | C] () -- C:\Users\Carina\defogger_reenable
[2013/06/10 22:29:36 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 22:01:52 | 000,081,170 | ---- | C] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013/06/08 14:11:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/06/08 14:11:18 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/06/08 14:10:47 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/08 14:10:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/08 12:31:48 | 000,046,709 | ---- | C] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013/06/05 19:11:42 | 000,002,335 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/05/24 23:43:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/05/22 15:40:25 | 001,016,112 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013/05/22 15:40:25 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013/03/02 17:49:09 | 000,001,493 | ---- | C] () -- C:\Users\Carina\AppData\Local\recently-used.xbel
[2013/02/11 14:55:33 | 000,000,306 | RHS- | C] () -- C:\Users\Carina\ntuser.pol
[2012/12/12 21:31:10 | 000,000,016 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\blckdom.res
[2012/04/17 14:19:34 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012/01/10 16:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 16:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 16:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 15:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 15:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 15:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/09/08 14:08:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/29 13:07:37 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{0EEABC5A-FE6A-4FE2-A456-A99DF4A69A68}
[2011/06/14 20:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\C
[2011/03/12 16:13:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/07/14 01:11:09 | 000,265,216 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\winkpack.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/17 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\17001.006
[2010/11/19 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ashampoo
[2012/11/10 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Avbe
[2013/06/10 07:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Carina\AppData\Roaming\Brokxkwet
[2012/11/14 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Daeds
[2010/09/22 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DAEMON Tools Lite
[2013/02/11 14:55:31 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DefaultTab
[2010/11/01 15:21:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\digital publishing
[2010/09/26 17:36:46 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/28 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\elsterformular
[2012/12/17 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Evky
[2012/11/16 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Fahaf
[2011/09/29 16:14:16 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Faxtxt
[2011/03/23 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0
[2013/05/22 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ICQ
[2012/12/12 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\kock
[2011/05/22 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Luxand
[2012/06/01 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenCandy
[2011/03/16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org
[2011/03/31 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\SoftGrid Client
[2010/11/10 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online
[2011/03/14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird
[2010/09/12 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TP
[2012/09/29 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TuneUp Software
[2012/12/13 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\UAs
[2012/11/14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Unywti
[2011/05/22 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Windows Live Writer
[2012/12/13 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\xmldm
[2012/11/14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Yntyyf
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---







OTL Logfile:
Code:
OTL Extras logfile created on: 6/11/2013 4:23:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Carina\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.12% Memory free
5.73 Gb Paging File | 3.96 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 247.91 Gb Free Space | 58.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
 
Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2BD8D8-A59E-4263-955E-E85B61272989}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0C2548EA-7942-48F0-86DD-06FC0AD5349E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C8A1692-A33E-4629-8547-BE549C9C41F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D528E64-1695-40D5-BC01-E357B0A3D7AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F7C3B92-1917-486F-A8A1-FBE843A7CBCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1295488D-90AA-4D2D-8A85-937B61F1056C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{138D6145-9DC3-41E4-9A28-BE337641B24A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1732A1C8-F2E4-4865-96A0-9EF60D565641}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A3A184-5C97-414A-A266-71DA38FB794C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{26AA1875-58DC-45E4-9FDB-4002FD0F8BE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BC3B93B-D9DF-4299-B556-D7DB30A133E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{3963A0CF-DCFF-453C-9C60-023E09AF154A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3ED4BE6D-0737-44E7-BEDC-2C4F24DB2158}" = rport=445 | protocol=6 | dir=out | app=system |
"{4017A60D-8A00-4776-A4FD-D48D974C40E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{43118698-600A-46DA-A8D9-25E558BD0E25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5103FE3E-A98C-4E7A-8652-03C88E678786}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51D2951C-12B7-48F2-A63A-6DD60490F2BC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A792883-A90F-493D-A558-B21D3F35F21F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B7F7972-B3DE-499C-81CE-66F42C5C40FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BED2861-C945-43C0-89A1-3B575DBB8DC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6938B202-BEAE-442D-B0FA-DBAC9564D142}" = lport=2869 | protocol=6 | dir=in | app=system |
"{693FB298-189D-49F2-A161-62DBEBA9C107}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AEB85DF-7622-47CC-997A-321F8ABE6C51}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D11036A-98D1-42FC-8B77-9DF23A3D5D79}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{72A6536A-B927-42B2-B323-B060F5A8AB0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C50FD87-323F-4F1A-BA34-4C42F291E28B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E8FEDFD-67BD-46D7-91E0-FE5D6D1F068D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A00C05F1-9CC9-4756-A1C4-E13B539BEAA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE891186-7FA7-461D-AE2D-036FD77D7D49}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AF0D8BFB-08D5-417F-95E4-DAEEEF63B7DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9528E37-5BE5-492E-B4F2-2F6902DFF763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE511578-D6B9-43D9-89B1-4343CA056544}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D413F8F2-B009-4B86-9ADC-78CDB6F647F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6846CFF-8C63-42DA-BFB8-E7E3BF44E14C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{D7F35B49-1594-43D4-A732-E2A74B38F148}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FA858057-8FA9-474A-9D91-68C6DFFD93CC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FE7BE993-FDB2-4A8D-B390-07D72F2AB120}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C23B67-2531-46C8-9BAD-26E7E90046AF}" = dir=in | app=c:\users\carina\appdata\local\microsoft\skydrive\skydrive.exe |
"{07A9EDA2-748D-4D00-BBB9-AEB6B99B11B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0A3AAFB0-5977-40D8-A32A-0FF596258F12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B794838-A347-4E6C-AA53-072C9D738EE3}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{0DE43924-C16E-410E-99F8-01A5953D3B68}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{24886AB9-D6C2-47ED-81C7-0FF832922C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F94A7B4-0BD3-4CC0-B609-30209C85F942}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3DB5C193-51DF-49D8-8AEC-2ACB658B0FEF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3E5CAFFB-0D58-463F-9D51-31264D22A0AD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3E9554B0-6394-4662-88DA-2BFFD5C4F310}" = protocol=6 | dir=out | app=system |
"{3FAD9779-5A4E-4F8D-AC05-1E39E359D022}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{43B08700-ADBA-460A-A67D-F802F87B695E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4724C203-0D88-4CCB-AC86-BC5D5481864D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{501DE42C-8CBD-4B12-9F08-FBED696DA779}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52396FBA-1B71-4652-BD34-8DF727624A3D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{52D0F378-CF03-4646-9FD7-6B4AC04233EA}" = protocol=17 | dir=in | app=e:\alicesetup.exe |
"{6335E80C-814D-4846-9141-C601A492DC5E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6531E4E8-D3E9-45A4-A71E-8F92C13DB46B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{682B1235-AA91-4662-A1DB-F3088E7A05B5}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{71F97452-D7D7-4D67-8F30-7AC3C551DA4D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7593633D-8B78-4A84-B0D7-90AEA9B72643}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{85DD15A8-8358-47C0-8C50-1D5ACAB93928}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8747F26B-9919-470B-B86B-2E7D77BC9A5A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{87A0947C-83ED-423E-A4BA-AF06A337678B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92766B57-D818-459A-AFAC-79FE5B61DA18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94147CA9-E192-4A51-A698-43912C3DE013}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96B88A18-F328-4FD8-9D95-2F3C82B7BD17}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{9A21878F-F2CB-4146-B018-F918A7CD92D3}" = dir=in | app=c:\users\carina\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9DD94E34-F3E5-4A97-95B3-8787A2B13C34}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9F0D41F4-E280-469C-B5E6-A362FB1B7BBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6FD2A97-4E54-49F6-BF26-63A7027C3BF0}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{B5858166-4C79-4DA8-AC24-8C008B011174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5F5EE25-F724-41C9-B1BB-69DF9B06230C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B922EE37-D5A7-46EE-A26D-2FBB5C7086D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1F34636-3072-43D4-B5B3-224110B64EA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB385344-596B-49A5-A49F-D1C5AAFC9F8C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CCB514F0-0AEC-4E15-B3ED-C25014A507C8}" = protocol=6 | dir=in | app=e:\alicesetup.exe |
"{D0F459B7-F96F-4C07-A001-0A2BCE4012BE}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{D2628B81-624A-4227-A8EC-053AA84AC828}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7764F80-7CF1-4417-8D7D-057EEE271748}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DCAF7858-9743-4DED-BD48-F18821FC0305}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E3E269DE-1CE4-4666-832B-366BE8744ABB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9373D70-788B-4690-8433-2197AECE7490}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F87704D4-7494-4350-B9BF-C2A12B5EF0BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F8D24FDB-6660-4340-AF24-BC0599176471}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FE1860D9-59CE-4862-8441-79DDCE1596CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{442F78DB-CA51-4751-8775-7E0F21E41DB7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4B46D7B0-A105-4F15-93E3-1C1123D50933}C:\users\carina\downloads\822c757f950547419fb2dbe5e56ece9f_pod14_de-de.exe" = protocol=6 | dir=in | app=c:\users\carina\downloads\822c757f950547419fb2dbe5e56ece9f_pod14_de-de.exe |
"TCP Query User{58BB7EF5-1BCA-43C4-8A10-031EA5073524}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{62518171-C3A9-418B-B625-A7AB97BA8D92}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{9A30B723-32A9-44CF-ABDE-DC69BC81633D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{A1696CB1-D5F8-4E49-B48C-CD83600AFA85}C:\users\carina\downloads\f660ce21f4aa4ceaad9c8919f0e13ca0_pod12_de-de.exe" = protocol=6 | dir=in | app=c:\users\carina\downloads\f660ce21f4aa4ceaad9c8919f0e13ca0_pod12_de-de.exe |
"TCP Query User{BED4F0C8-96B4-42A0-BFF8-D7FB0247C82E}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{2D285118-0048-4D35-8855-2921561B3470}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{36EEB358-8AF8-47DD-AC6A-1E5AC7D5027C}C:\users\carina\downloads\822c757f950547419fb2dbe5e56ece9f_pod14_de-de.exe" = protocol=17 | dir=in | app=c:\users\carina\downloads\822c757f950547419fb2dbe5e56ece9f_pod14_de-de.exe |
"UDP Query User{3D5C6049-FE37-41F5-8E6D-7379D41975FD}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{6E95950A-61E7-46A0-9879-8997F7E5C813}C:\users\carina\downloads\f660ce21f4aa4ceaad9c8919f0e13ca0_pod12_de-de.exe" = protocol=17 | dir=in | app=c:\users\carina\downloads\f660ce21f4aa4ceaad9c8919f0e13ca0_pod12_de-de.exe |
"UDP Query User{8F27196C-E320-4350-95A3-6AF267389D7E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D03365D7-D1E5-49B0-B0F0-218AEF8AC0AD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{E5F073A6-828D-45C0-B20F-0C17D593175F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{432E898E-207A-475C-B6E8-0317C4A08A46}" = Jaws PDF Editor 4
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50150000-007E-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEE6C374-6118-11DC-9C72-001320C79847}" = SweetPacks Toolbar For Firefox 1.13.0.0
"{F04C4F83-D9C7-408C-9DEB-D5526E72108C}" = Linkury Smartbar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DefaultTab" = DefaultTab
"ElsterFormular" = ElsterFormular
"EXCEL" = Microsoft Office Excel 2007
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GIMP-2_is1" = GIMP 2.8.4
"GotClip" = GotClip Downloader
"HaaliMkx" = Haali Media Splitter
"iLivid" = iLivid
"ilividtoolbarguid" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LuxandBlink_is1" = Luxand Blink! v2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Professional 15 (Technical Preview) - en-us" = Microsoft Office 365 Home Premium Preview - en-us
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"PhotoRescue Expert PC Demo_is1" = PhotoRescue Expert PC Demo 2.1.712
"PROR" = Microsoft Office Professional 2007
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WNLT" = SweetPacks Updater
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{e2ca506f-ef22-4fb2-8829-d1135f1c1e05}" = Linkury Smartbar Engine
"Adobe Connect Add-in" = Adobe Connect Add-in
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/10/2013 11:37:00 AM | Computer Name = Carina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xf1eef1ee  ID des fehlerhaften
 Prozesses: 0x2558  Startzeit der fehlerhaften Anwendung: 0x01ce659cdb7fca81  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 970c7030-d1e3-11e2-a3c9-00262dc0835e
 
Error - 6/10/2013 11:37:04 AM | Computer Name = Carina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.7, Zeitstempel:
 0x506d9e00  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02e1e9b0  ID des fehlerhaften Prozesses:
 0xfc8  Startzeit der fehlerhaften Anwendung: 0x01ce641646f46478  Pfad der fehlerhaften
 Anwendung: C:\Program Files\SweetIM\Messenger\SweetIM.exe  Pfad des fehlerhaften
Moduls: unknown  Berichtskennung: 994ede93-d1e3-11e2-a3c9-00262dc0835e
 
Error - 6/10/2013 11:39:49 AM | Computer Name = Carina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McCHSvc.exe, Version: 3.0.318.0,
Zeitstempel: 0x511128a4  Name des fehlerhaften Moduls: WebInfoScanner.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x511128ea  Ausnahmecode: 0xc0000005  Fehleroffset:
0x6417c58f  ID des fehlerhaften Prozesses: 0x2be0  Startzeit der fehlerhaften Anwendung:
 0x01ce65f0664579ec  Pfad der fehlerhaften Anwendung: C:\Program Files\McAfee Security
 Scan\3.0.318\McCHSvc.exe  Pfad des fehlerhaften Moduls: WebInfoScanner.dll  Berichtskennung:
 fb9b4978-d1e3-11e2-a3c9-00262dc0835e
 
Error - 6/10/2013 12:08:26 PM | Computer Name = Carina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0xba4  Startzeit der fehlerhaften Anwendung: 0x01ce65f27d2f5cba  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: fb5d38fa-d1e7-11e2-a3c9-00262dc0835e
 
Error - 6/10/2013 3:13:47 PM | Computer Name = Carina-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.1262 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1434    Startzeit:
 01ce65f7a0f41296    Endzeit: 60000    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID:
 b165cb0e-d201-11e2-a3c9-00262dc0835e 
 
Error - 6/10/2013 4:02:17 PM | Computer Name = Carina-PC | Source = Application Hang | ID = 1002
Description = Programm SnippingTool.exe, Version 6.1.7600.16385 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fdc    Startzeit: 01ce66153ea85cd7    Endzeit: 20    Anwendungspfad:
C:\Windows\system32\SnippingTool.exe    Berichts-ID: a1e2a08b-d208-11e2-a3c9-00262dc0835e

 
Error - 6/10/2013 11:26:16 PM | Computer Name = Carina-PC | Source = Google Update | ID = 20
Description =
 
Error - 6/11/2013 12:34:11 AM | Computer Name = Carina-PC | Source = Google Update | ID = 20
Description =
 
Error - 6/11/2013 12:36:46 AM | Computer Name = Carina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x734  Startzeit der fehlerhaften Anwendung: 0x01ce665d3e173a82
Pfad
 der fehlerhaften Anwendung: C:\Program Files\DefaultTab\DefaultTabSearch.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\DefaultTab\DefaultTabSearch.exe  Berichtskennung:
 85bd3dfb-d250-11e2-8b5c-00262dc0835e
 
Error - 6/11/2013 1:59:52 AM | Computer Name = Carina-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\$RECYCLE.BIN\S-1-5-21-3410650692-588603448-4288098186-1000\$RQ1R9BD.JPG.

 [ACCESS_VIOLATION Exception!! EIP = 0x6e127f32]  Bitte Avira informieren und die
 obige Datei übersenden!
 
Error - 6/11/2013 2:03:02 AM | Computer Name = Carina-PC | Source = MsiInstaller | ID = 11609
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 4/4/2013 9:46:59 AM | Computer Name = Carina-PC | Source = vpnui | ID = 67108866
Description = Function: CMainFrame::OnConnectBtn File: .\mainfrm.cpp Line: 218 Invoked
 Function: CMainFrame::attemptConnect Return Code: -33554422 (0xFE00000A) Description:
 GLOBAL_ERROR_UNKNOWN
 
Error - 4/4/2013 9:47:03 AM | Computer Name = Carina-PC | Source = vpnui | ID = 67108866
Description = Function: CMainFrame::attemptConnect File: .\mainfrm.cpp Line: 1460 Invoked
 Function: CMainFrame::initiateConnect Return Code: -33554422 (0xFE00000A) Description:
 GLOBAL_ERROR_UNKNOWN
 
Error - 4/4/2013 9:47:15 AM | Computer Name = Carina-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinInet::SendRequest File: .\CTransportWinInet.cpp
Line:
 1125 Invoked Function: CTransportWinInet::SendRequest Return Code: 12044 (0x00002F0C)
Description:
 A certificate is required to complete client authentication 
 
Error - 4/4/2013 9:47:24 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::GetConnName File: .\WindowsVirtualAdapter.cpp
Line:
 2355 Invoked Function: GetAdaptersAddresses Return Code: 111 (0x0000006F) Description:
 Der Dateiname ist zu lang. 
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp
Line:
 1295 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 0.0.0.0  Netmask:
 0.0.0.0  Gateway: 193.197.41.1  Interface: 193.197.41.154  Metric: 1
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 226 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp
Line:
 1295 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.39  Interface: 192.168.178.39  Metric:
 256
 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 245 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
 
[ Media Center Events ]
Error - 11/3/2010 4:27:37 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 21:27:36 - Fehler beim Herstellen der Internetverbindung.  21:27:36
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/14/2010 6:52:37 AM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 11:52:37 - Fehler beim Herstellen der Internetverbindung.  11:52:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/14/2010 6:52:46 AM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 11:52:42 - Fehler beim Herstellen der Internetverbindung.  11:52:42
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/18/2010 3:39:29 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 20:39:29 - Fehler beim Herstellen der Internetverbindung.  20:39:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/18/2010 3:39:41 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 20:39:34 - Fehler beim Herstellen der Internetverbindung.  20:39:34
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/22/2010 2:58:53 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 19:58:53 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 11/22/2010 3:00:11 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 20:00:07 - Fehler beim Herstellen der Internetverbindung.  20:00:07
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 11/22/2010 4:03:16 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 21:03:16 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten) 
 
Error - 10/19/2011 2:26:55 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 20:26:55 - Fehler beim Herstellen der Internetverbindung.  20:26:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10/19/2011 2:27:29 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0
Description = 20:27:24 - Fehler beim Herstellen der Internetverbindung.  20:27:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 6/5/2013 2:15:13 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 6/5/2013 2:15:13 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 6/8/2013 3:03:46 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 6/10/2013 11:39:56 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Security Scan Component Host Service" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 6/11/2013 12:36:54 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 6/11/2013 1:59:55 AM | Computer Name = Carina-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
--- --- ---

aharonov 11.06.2013 15:46
Fehlt nur noch das Gmer-Log und dann legen wir los.
Aber ich hab so auf die Schnelle schon gesehen, dass einiges drauf ist..

carina145 11.06.2013 15:55
Läuft noch :-) Aber danke schon mal.

Ich seh da nämlich gar nichts. :-)

aharonov 11.06.2013 16:06
Ok. :)

carina145 11.06.2013 20:07
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 21:07:02
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Carina\AppData\Local\Temp\pwdirpod.sys


---- System - GMER 2.1 ----

SSDT            96A534DE                                                                                                                                    ZwCreateSection
SSDT            96A534E8                                                                                                                                    ZwRequestWaitReplyPort
SSDT            96A534E3                                                                                                                                    ZwSetContextThread
SSDT            96A534ED                                                                                                                                    ZwSetSecurityObject
SSDT            96A534F2                                                                                                                                    ZwSystemDebugControl
SSDT            96A5347F                                                                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                    83051A09 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                      8308B1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                        8309234C 4 Bytes  [DE, 34, A5, 96]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                        830926A8 4 Bytes  [E8, 34, A5, 96]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                        830926EC 4 Bytes  [E3, 34, A5, 96] {JECXZ 0x36; MOVSD ; XCHG ESI, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                        83092768 4 Bytes  [ED, 34, A5, 96] {IN EAX, DX; XOR AL, 0xa5; XCHG ESI, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                        830927BC 4 Bytes  [F2, 34, A5, 96] {XOR AL, 0xa5; XCHG ESI, EAX}
.text          ...                                                                                                                                       

---- User code sections - GMER 2.1 ----

.text          C:\Windows\Explorer.EXE[1076] kernel32.dll!CreateProcessW                                                                                  778B204D 5 Bytes  JMP 05E43DC4
.text          C:\Windows\Explorer.EXE[1076] ADVAPI32.dll!CreateProcessAsUserW                                                                            7606C592 5 Bytes  JMP 05E43B6C
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetCloseHandle                                                                              761B3CC2 5 Bytes  JMP 05E42B74
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpQueryInfoA                                                                                    761B6AB7 5 Bytes  JMP 05E42AA4
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpQueryInfoW                                                                                    761B7202 5 Bytes  JMP 05E42B0C
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpSendRequestW                                                                                  761B76E6 5 Bytes  JMP 05E404F8
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpOpenRequestW                                                                                  761B7E1D 5 Bytes  JMP 05E3EAC8
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetConnectW                                                                                  761BAC54 5 Bytes  JMP 05E3E1C0
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetQueryDataAvailable                                                                        7620A1AD 5 Bytes  JMP 05E41400
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFile                                                                                  7620A5EF 5 Bytes  JMP 05E4192C
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFileExW                                                                              76211A4B 5 Bytes  JMP 05E422DC
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFileExA                                                                              76211AA2 5 Bytes  JMP 05E41B14
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetOpenA                                                                                    7622EAF8 5 Bytes  JMP 05E3E16C
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!InternetConnectA                                                                                  7625F6B3 5 Bytes  JMP 05E3E3A0
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpSendRequestA                                                                                  76285876 5 Bytes  JMP 05E3FD80
.text          C:\Windows\Explorer.EXE[1076] WININET.dll!HttpOpenRequestA                                                                                  76285B15 5 Bytes  JMP 05E3ED1C
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!RegisterMessagePumpHook + 2F1                                        76948B9E 7 Bytes  JMP 60AAEA03 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!IsDialogMessageW + 340                                              76954444 7 Bytes  JMP 60AAE992 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!GetWindowInfo                                                        76954B5E 5 Bytes  JMP 608E5238 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!ToUnicodeEx + 71                                                    76962223 7 Bytes  JMP 608E5811 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtClose                                                                        77CF54C8 5 Bytes  JMP 61BEDB70 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtCreateFile                                                                  77CF55C8 5 Bytes  JMP 61BED840 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtFlushBuffersFile                                                            77CF5958 5 Bytes  JMP 61BED970 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtLockFile                                                                    77CF5B98 5 Bytes  JMP 61BEDA60 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtOpenFile                                                                    77CF5CD8 5 Bytes  JMP 61BED7C0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtQueryInformationFile                                                        77CF6018 5 Bytes  JMP 61BC3390 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtReadFile                                                                    77CF62B8 5 Bytes  JMP 61BC31F0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtSetInformationFile                                                          77CF6638 5 Bytes  JMP 61BED9E0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtUnlockFile                                                                  77CF6998 5 Bytes  JMP 61BEDAF0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtWriteFile                                                                    77CF6A68 5 Bytes  JMP 61BED8E0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!LdrGetProcedureAddress + 26                                                    77D12239 7 Bytes  JMP 02069CF0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                                            778F941E 7 Bytes  JMP 02615408 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!QueryPerformanceCounter + 13                                                778FC435 7 Bytes  JMP 0261542B C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!LoadAppInitDlls + 355                                                      778FF4F6 7 Bytes  JMP 0207369E C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] GDI32.dll!GetViewportOrgEx + 26C                                                        77BD884B 7 Bytes  JMP 02615389 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetCloseHandle                                                          761B3CC2 5 Bytes  JMP 03492B74
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpQueryInfoA                                                              761B6AB7 5 Bytes  JMP 03492AA4
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpQueryInfoW                                                              761B7202 5 Bytes  JMP 03492B0C
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpSendRequestW                                                            761B76E6 5 Bytes  JMP 034904F8
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpOpenRequestW                                                            761B7E1D 5 Bytes  JMP 0348EAC8
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetConnectW                                                            761BAC54 5 Bytes  JMP 0348E1C0
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetQueryDataAvailable                                                  7620A1AD 5 Bytes  JMP 03491400
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFile                                                            7620A5EF 5 Bytes  JMP 0349192C
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFileExW                                                          76211A4B 5 Bytes  JMP 034922DC
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFileExA                                                          76211AA2 5 Bytes  JMP 03491B14
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetOpenA                                                                7622EAF8 5 Bytes  JMP 0348E16C
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetConnectA                                                            7625F6B3 5 Bytes  JMP 0348E3A0
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpSendRequestA                                                            76285876 5 Bytes  JMP 0348FD80
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpOpenRequestA                                                            76285B15 5 Bytes  JMP 0348ED1C
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateFile + 6                                      77CF55CE 4 Bytes  [28, B0, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateFile + B                                      77CF55D3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateKey + 6                                      77CF560E 4 Bytes  [68, B1, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateKey + B                                      77CF5613 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateMutant + 6                                    77CF564E 4 Bytes  [68, B2, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateMutant + B                                    77CF5653 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateSection + 6                                  77CF56EE 4 Bytes  [A8, B2, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateSection + B                                  77CF56F3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtMapViewOfSection + B                                77CF5C33 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenFile + 6                                        77CF5CDE 4 Bytes  [68, B0, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenFile + B                                        77CF5CE3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKey + 6                                        77CF5D0E 4 Bytes  [A8, B1, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKey + B                                        77CF5D13 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKeyEx + B                                      77CF5D23 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenMutant + 6                                      77CF5D5E 4 Bytes  [28, B2, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenMutant + B                                      77CF5D63 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcess + 6                                    77CF5D8E 4 Bytes  [68, B3, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcess + B                                    77CF5D93 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessToken + 6                                77CF5D9E 4 Bytes  [A8, B3, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessToken + B                                77CF5DA3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6                              77CF5DAE 4 Bytes  [68, B4, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B                              77CF5DB3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenSection + B                                    77CF5DD3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThread + 6                                      77CF5E0E 4 Bytes  [28, B3, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThread + B                                      77CF5E13 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadToken + 6                                77CF5E1E 4 Bytes  [28, B4, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadToken + B                                77CF5E23 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadTokenEx + 6                              77CF5E2E 4 Bytes  [A8, B4, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B                              77CF5E33 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryAttributesFile + 6                            77CF5F3E 4 Bytes  [A8, B0, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryAttributesFile + B                            77CF5F43 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B                        77CF5FF3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationFile + 6                              77CF663E 4 Bytes  [28, B1, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationFile + B                              77CF6643 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationThread + B                            77CF66A3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6                              77CF69BE 4 Bytes  [28, B5, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtUnmapViewOfSection + B                              77CF69C3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] kernel32.dll!CreateProcessW                                    778B204D 5 Bytes  JMP 00080030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] kernel32.dll!CreateProcessA                                    778B2082 5 Bytes  JMP 00080070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ActivateKeyboardLayout                              76948203 5 Bytes  JMP 001304F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ScreenToClient                                      7694A506 7 Bytes  JMP 00130670
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!RegisterClipboardFormatA                            7694C091 5 Bytes  JMP 001302F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!RegisterClipboardFormatW                            7694DF8D 5 Bytes  JMP 001302B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetCursor                                            76953075 5 Bytes  JMP 00130530
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!MonitorFromWindow                                    76953622 7 Bytes  JMP 00130630
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!PostMessageW                                        7695447B 5 Bytes  JMP 001305F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!IsWindowVisible                                      76954D69 7 Bytes  JMP 001306B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClientRect                                        769554DD 7 Bytes  JMP 001305B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!MapWindowPoints                                      76955CAA 5 Bytes  JMP 00130570
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetParent                                            76956029 7 Bytes  JMP 001306F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!EmptyClipboard                                      7696290C 5 Bytes  JMP 00130130
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetClipboardData                                    76962962 5 Bytes  JMP 00130170
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardData                                    76962BA7 5 Bytes  JMP 00130030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardFormatNameW                              76965FD2 5 Bytes  JMP 00130230
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetClipboardViewer                                  76966FF6 5 Bytes  JMP 001304B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardFormatNameA                              7696700A 5 Bytes  JMP 00130270
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ChangeClipboardChain                                7697147C 5 Bytes  JMP 00130430
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetTopWindow                                        769724D9 7 Bytes  JMP 00130730
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!CloseClipboard                                      7697446C 5 Bytes  JMP 001300B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!OpenClipboard                                        7697447E 5 Bytes  JMP 00130070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!IsClipboardFormatAvailable                          769744FF 5 Bytes  JMP 001300F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardSequenceNumber                          76974513 5 Bytes  JMP 00130330
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardOwner                                    76974525 5 Bytes  JMP 00130370
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!CountClipboardFormats                                7697470A 5 Bytes  JMP 001301F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!EnumClipboardFormats                                769747EC 5 Bytes  JMP 001301B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetOpenClipboardWindow                              7697480B 5 Bytes  JMP 001303F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetCursorPos                                        7698C1B0 5 Bytes  JMP 00130770
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardViewer                                  769A4AF7 5 Bytes  JMP 00130470
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetPriorityClipboardFormat                          769A4BF9 5 Bytes  JMP 001303B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!DeleteObject                                          77BD5F14 5 Bytes  JMP 001401B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectObject                                          77BD6640 5 Bytes  JMP 001405F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetTextColor                                          77BD6906 5 Bytes  JMP 00140A30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetBkMode                                            77BD69B1 5 Bytes  JMP 001408F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!DeleteDC                                              77BD6EAA 5 Bytes  JMP 00140170
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetDeviceCaps                                        77BD6F7F 5 Bytes  JMP 001403B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtSelectClipRgn                                      77BD7114 5 Bytes  JMP 001402F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectClipRgn                                        77BD7242 5 Bytes  JMP 001405B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetStretchBltMode                                    77BD7705 5 Bytes  JMP 001406B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetCurrentObject                                      77BD7917 5 Bytes  JMP 00140370
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextMetricsW                                      77BD7B8F 5 Bytes  JMP 00140E30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextAlign                                          77BD7DAF 5 Bytes  JMP 00140D70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!IntersectClipRect                                    77BD7DFE 5 Bytes  JMP 001403F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtTextOutW                                          77BD8192 5 Bytes  JMP 00140970
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetTextAlign                                          77BD828E 5 Bytes  JMP 001409F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetClipBox                                            77BD8525 5 Bytes  JMP 00140330
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!MoveToEx                                              77BD8C21 5 Bytes  JMP 00140470
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StretchDIBits                                        77BDA53E 5 Bytes  JMP 00140770
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!RestoreDC                                            77BDA67B 5 Bytes  JMP 00140530
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SaveDC                                                77BDA74B 5 Bytes  JMP 00140570
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextExtentPoint32W                                77BDB4B5 5 Bytes  JMP 00140670
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceW                                          77BDB73A 2 Bytes  JMP 00140D30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceW + 3                                      77BDB73D 2 Bytes  [56, 88]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetFontData                                          77BDBCC4 5 Bytes  JMP 00140C70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetWorldTransform                                    77BDC90A 5 Bytes  JMP 001406F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateDCA                                            77BDCCA9 5 Bytes  JMP 001400B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateDCW                                            77BDCF79 5 Bytes  JMP 001400F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateICW                                            77BDCFD0 5 Bytes  JMP 00140130
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextMetricsA                                      77BDD0F2 5 Bytes  JMP 00140DF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!Rectangle                                            77BDF1FF 5 Bytes  JMP 001409B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!LineTo                                                77BDF59B 5 Bytes  JMP 00140430
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetICMMode                                            77BDFAA4 5 Bytes  JMP 00140DB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtTextOutA                                          77BE03F9 5 Bytes  JMP 00140930
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextExtentPoint32A                                77BE07B0 5 Bytes  JMP 00140630
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtEscape                                            77BE2949 5 Bytes  JMP 001402B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!Escape                                                77BE3939 5 Bytes  JMP 00140270
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceA                                          77BE3E6A 5 Bytes  JMP 00140CF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetPolyFillMode                                      77BED851 5 Bytes  JMP 00140B30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetMiterLimit                                        77BEDA0D 5 Bytes  JMP 00140B70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndPage                                              77BF00D7 5 Bytes  JMP 00140230
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ResetDCW                                              77BF050D 5 Bytes  JMP 00140AB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetGlyphOutlineW                                      77BFC1BA 5 Bytes  JMP 00140CB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateScalableFontResourceW                          77BFE817 5 Bytes  JMP 00140BB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!AddFontResourceW                                      77BFEC13 5 Bytes  JMP 00140BF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!RemoveFontResourceW                                  77BFF109 5 Bytes  JMP 00140C30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!AbortDoc                                              77C04C63 5 Bytes  JMP 00140030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndDoc                                                77C050AA 5 Bytes  JMP 001401F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StartPage                                            77C05195 5 Bytes  JMP 00140730
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StartDocW                                            77C05BB0 5 Bytes  JMP 001407F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!BeginPath                                            77C0635D 5 Bytes  JMP 00140830
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectClipPath                                        77C063B4 5 Bytes  JMP 00140AF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CloseFigure                                          77C0640F 5 Bytes  JMP 00140070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndPath                                              77C06466 5 Bytes  JMP 00140A70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StrokePath                                            77C06699 5 Bytes  JMP 001407B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!FillPath                                              77C06726 5 Bytes  JMP 00140870
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolylineTo                                            77C06B94 5 Bytes  JMP 001404F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolyBezierTo                                          77C06C25 5 Bytes  JMP 001404B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolyDraw                                              77C06CD7 5 Bytes  JMP 001408B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleSetClipboard                                      763C0045 5 Bytes  JMP 00160030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleIsCurrentClipboard                                763C36B2 5 Bytes  JMP 00160070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleGetClipboard                                      763EFDCD 5 Bytes  JMP 001600B0
.text          C:\Windows\explorer.exe[5312] kernel32.dll!CreateProcessW                                                                                  778B204D 5 Bytes  JMP 03313DC4
.text          C:\Windows\explorer.exe[5312] ADVAPI32.dll!CreateProcessAsUserW                                                                            7606C592 5 Bytes  JMP 03313B6C
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetCloseHandle                                                                              761B3CC2 5 Bytes  JMP 03312B74
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpQueryInfoA                                                                                    761B6AB7 5 Bytes  JMP 03312AA4
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpQueryInfoW                                                                                    761B7202 5 Bytes  JMP 03312B0C
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpSendRequestW                                                                                  761B76E6 5 Bytes  JMP 033104F8
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpOpenRequestW                                                                                  761B7E1D 5 Bytes  JMP 0330EAC8
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetConnectW                                                                                  761BAC54 5 Bytes  JMP 0330E1C0
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetQueryDataAvailable                                                                        7620A1AD 5 Bytes  JMP 03311400
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFile                                                                                  7620A5EF 5 Bytes  JMP 0331192C
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFileExW                                                                              76211A4B 5 Bytes  JMP 033122DC
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFileExA                                                                              76211AA2 5 Bytes  JMP 03311B14
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetOpenA                                                                                    7622EAF8 5 Bytes  JMP 0330E16C
.text          C:\Windows\explorer.exe[5312] wininet.DLL!InternetConnectA                                                                                  7625F6B3 5 Bytes  JMP 0330E3A0
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpSendRequestA                                                                                  76285876 5 Bytes  JMP 0330FD80
.text          C:\Windows\explorer.exe[5312] wininet.DLL!HttpOpenRequestA                                                                                  76285B15 5 Bytes  JMP 0330ED1C

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                    Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                    Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind    \Device\{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}?\Device\{AA545348-63AE-4B34-906E-A7345A340833}?\Device\{34B32756-4FD2-43AB-A9D3-5E9027F85821}?
Reg            HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route  "{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}"?"{AA545348-63AE-4B34-906E-A7345A340833}"?"{34B32756-4FD2-43AB-A9D3-5E9027F85821}"?
Reg            HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  \Device\TCPIP6TUNNEL_{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}?\Device\TCPIP6TUNNEL_{AA545348-63AE-4B34-906E-A7345A340833}?\Device\TCPIP6TUNNEL_{34B32756-4FD2-43AB-A9D3-5E9027F85821}?
Reg            HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA545348-63AE-4B34-906E-A7345A340833}@InterfaceName                      isatap.{B23AD125-C9B4-4D84-9572-03610279EA18}
Reg            HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA545348-63AE-4B34-906E-A7345A340833}@ReusableType                      0
Reg            HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                            13238
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                           
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                      0x7D 0x9A 0xB2 0x33 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x43 0xF7 0x59 0xD4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                        0xC0 0x5F 0x06 0x5B ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                       
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                            C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                            0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                            0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x7D 0x9A 0xB2 0x33 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                    0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                0x43 0xF7 0x59 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                            0xC0 0x5F 0x06 0x5B ...

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---


endlich geschafft...sorry für die verspätung

aharonov 11.06.2013 20:26
So, dann legen wir los. :)


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • Ask Toolbar
    • SweetIM for Messenger 3.7
    • SweetPacks Toolbar For Firefox 1.13.0.0
    • Linkury Smartbar
    • DefaultTab
    • FilesFrog Update Checker
    • iLivid
    • Search-Results Toolbar
    • McAfee Security Scan Plus
    • SweetIM Bundle by SweetPacks
    • Windows iLivid Toolbar
    • SweetPacks Updater
    • Linkury Smartbar Engine
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von Combofix
  • Log von OTL

carina145 11.06.2013 21:24
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 11/06/2013 um 21:49:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Carina - CARINA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Carina\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\Carina\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Search Results Toolbar
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Windows iLivid Toolbar
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Carina\AppData\Local\APN
Ordner Gelöscht : C:\Users\Carina\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Carina\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Carina\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Carina\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Ordner Gelöscht : C:\Windows\system32\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=[...]
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e[...]

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27388 octets] - [11/06/2013 21:49:47]

########## EOF - C:\AdwCleaner[S1].txt - [27449 octets] ##########
--- --- ---



Combofix Logfile:
Code:
ComboFix 13-06-08.02 - Carina 11.06.2013  22:00:17.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2935.1233 [GMT 2:00]
ausgeführt von:: c:\users\Carina\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Carina\AppData\Roaming\17001.006
c:\users\Carina\AppData\Roaming\17001.006\chrome.manifest
c:\users\Carina\AppData\Roaming\17001.006\components\AcroFF.txt
c:\users\Carina\AppData\Roaming\17001.006\install.rdf
c:\users\Carina\AppData\Roaming\AcroIEHelpe.txt
c:\users\Carina\AppData\Roaming\nz966p5a.default.tmp
c:\users\Carina\AppData\Roaming\srvblck5.tmp
c:\users\Carina\AppData\Roaming\videoqhmem.exe
c:\users\Carina\AppData\Roaming\Yntyyf
c:\users\Carina\AppData\Roaming\Yntyyf\ycyh.xoi
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 20:11 . 2013-06-11 20:12        --------        d-----w-        c:\users\Carina\AppData\Local\temp
2013-06-11 20:11 . 2013-06-11 20:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-11 05:37 . 2013-06-11 05:37        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\users\Carina\AppData\Roaming\Malwarebytes
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-10 20:29 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-06-10 05:39 . 2013-06-10 05:39        --------        d--h--w-        c:\users\Carina\AppData\Roaming\Brokxkwet
2013-06-08 12:11 . 2013-06-08 12:11        --------        d-----w-        c:\programdata\McAfee
2013-06-08 10:28 . 2013-06-11 20:05        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\offreg.dll
2013-06-07 13:33 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\mpengine.dll
2013-05-24 21:42 . 2013-05-24 21:42        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-24 12:27 . 2013-05-24 12:27        262552        ----a-w-        c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 13:41 . 2013-05-22 13:41        --------        d-----w-        c:\users\Carina\Tracing
2013-05-22 13:41 . 2013-05-22 13:41        --------        d-----w-        c:\program files\7-Zip
2013-05-22 13:40 . 2013-05-16 12:02        632656        ----a-w-        c:\windows\system32\msvcr80.dll
2013-05-22 13:40 . 2013-05-16 12:02        554832        ----a-w-        c:\windows\system32\msvcp80.dll
2013-05-22 13:40 . 2013-05-16 12:02        479232        ----a-w-        c:\windows\system32\msvcm80.dll
2013-05-18 08:14 . 2013-04-10 05:18        728424        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-18 08:14 . 2013-04-10 05:18        218984        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-18 08:14 . 2013-04-10 03:14        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-05-18 08:13 . 2013-03-19 04:53        186368        ----a-w-        c:\windows\system32\wwansvc.dll
2013-05-18 08:13 . 2013-03-19 03:33        40960        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-05-18 08:13 . 2013-02-27 05:05        101720        ----a-w-        c:\windows\system32\consent.exe
2013-05-18 08:13 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\system32\authui.dll
2013-05-18 08:13 . 2013-02-27 04:49        47104        ----a-w-        c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 18:06 . 2012-07-14 16:35        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-16 18:06 . 2011-09-05 16:59        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 09:54 . 2011-03-28 10:36        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 08:07 . 2013-05-10 08:08        66656        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-06-28 23:04        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-18 08:14        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-18 08:14        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-27 16:14        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-01 12:28 . 2012-10-18 16:53        84744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-04-01 12:28 . 2012-10-18 16:53        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-04-01 12:28 . 2012-10-18 16:53        135136        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-14 09:35        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-14 09:35        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-14 09:35        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-14 09:35        69632        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"puoomizl"="c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe" [2013-06-10 141312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Luxand Blink!"="c:\program files\Luxand\Blink!\LuxandBlinkTray.exe" [2010-10-18 7143224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-11 40776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-01 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-04-01 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2012-09-11 1034880]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:06]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 193.196.5.253:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\
FF - prefs.js: browser.search.defaulturl -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-dnsr - c:\users\Carina\AppData\Roaming\dnsr.exe
HKCU-Run-videoqhmem - c:\users\Carina\AppData\Roaming\videoqhmem.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
SafeBoot-BsScanner
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  22:18:53
ComboFix-quarantined-files.txt  2013-06-11 20:18
.
Vor Suchlauf: 7 Verzeichnis(se), 267.098.808.320 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 267.541.602.304 Bytes frei
.
- - End Of File - - 4762ED62930A289B0C12ABEB54D1EBF8
--- --- ---
8A1C59E4DFEF87510470928550466632



OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 10:20:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Carina\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.87 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 57.96% Memory free
5.73 Gb Paging File | 4.40 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 249.23 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
 
Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 16:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Downloads\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 10:06:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/01 14:27:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.24 14:27:33 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.24 19:12:50 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2012.01.10 15:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.16 20:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2012.04.14 17:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.09.10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Carina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.06.11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.01 14:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 14:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 14:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.22 20:19:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.05.24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.10.09 16:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.196.5.253:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.08 14:10:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Carina\AppData\Roaming\17001.006
 
[2013.06.11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions
[2011.03.14 23:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.06.11 21:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions
[2013.06.11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.06 18:11:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.24 14:27:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.03.31 12:47:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.iminent.com/?appId=88DA0528-E556-4B54-8EBF-653911D9816D
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.11 22:12:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [puoomizl] C:\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C303074-C9F1-4EE6-A9FB-97E51046D57B}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 22:19:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 22:19:06 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\temp
[2013.06.11 21:55:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 21:55:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 21:55:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 21:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 21:53:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 21:52:40 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Carina\Desktop\ComboFix.exe
[2013.06.11 07:37:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.10 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes
[2013.06.10 22:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.10 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.10 22:29:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.10 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.10 07:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Carina\AppData\Roaming\Brokxkwet
[2013.06.08 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.06.08 14:09:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.05.22 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\{12B5A6C9-392E-4189-8121-18B4EF705BB0}
[2013.05.22 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Carina\Tracing
[2013.05.22 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carina\Local Settings
[2013.05.22 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.18 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Lieder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 22:12:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.11 21:58:59 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 21:58:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 21:53:06 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Carina\Desktop\ComboFix.exe
[2013.06.11 21:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 21:51:05 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 07:59:30 | 000,000,020 | ---- | M] () -- C:\Users\Carina\defogger_reenable
[2013.06.11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.11 06:34:24 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013.06.11 06:34:11 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013.06.11 06:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 06:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 22:29:36 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.10 22:01:53 | 000,081,170 | ---- | M] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013.06.10 20:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013.06.10 17:52:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013.06.10 17:48:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 14:10:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.08 12:31:49 | 000,046,709 | ---- | M] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013.06.08 12:28:55 | 000,047,080 | ---- | M] () -- C:\Users\Carina\Desktop\Lebenslauf aktuell.pdf
[2013.05.24 23:43:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.19 12:43:50 | 019,491,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 12:43:50 | 006,254,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 12:43:50 | 000,300,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 12:43:50 | 000,038,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.19 10:38:25 | 000,482,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 21:55:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 21:55:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 21:55:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 21:55:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 21:55:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 07:59:01 | 000,000,020 | ---- | C] () -- C:\Users\Carina\defogger_reenable
[2013.06.10 22:29:36 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.10 22:01:52 | 000,081,170 | ---- | C] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013.06.08 14:10:47 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.08 14:10:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.08 12:31:48 | 000,046,709 | ---- | C] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013.05.24 23:43:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.02 17:49:09 | 000,001,493 | ---- | C] () -- C:\Users\Carina\AppData\Local\recently-used.xbel
[2013.02.11 14:55:33 | 000,000,306 | RHS- | C] () -- C:\Users\Carina\ntuser.pol
[2012.12.12 21:31:10 | 000,000,016 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\blckdom.res
[2012.04.17 14:19:34 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.01.10 16:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 16:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 16:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 15:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 15:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 15:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.09.08 14:08:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.07.29 13:07:37 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{0EEABC5A-FE6A-4FE2-A456-A99DF4A69A68}
[2011.06.14 20:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\C
[2011.03.12 16:13:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.19 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ashampoo
[2012.11.10 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Avbe
[2013.06.10 07:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Carina\AppData\Roaming\Brokxkwet
[2012.11.14 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Daeds
[2010.09.22 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 15:21:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\digital publishing
[2012.01.28 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\elsterformular
[2012.12.17 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Evky
[2012.11.16 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Fahaf
[2011.09.29 16:14:16 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Faxtxt
[2011.03.23 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0
[2013.05.22 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ICQ
[2012.12.12 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\kock
[2011.05.22 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Luxand
[2011.03.16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org
[2011.03.31 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\SoftGrid Client
[2010.11.10 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online
[2011.03.14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird
[2010.09.12 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TP
[2012.09.29 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TuneUp Software
[2012.12.13 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\UAs
[2012.11.14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Unywti
[2011.05.22 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Windows Live Writer
[2012.12.13 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

aharonov 11.06.2013 21:44
Hallo,

Combofix hat noch nicht ganz alles erwischt.
Helfen wir ein bisschen nach:


Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.



Schritt 1

Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    File::
    C:\Users\Carina\AppData\Roaming\blckdom.res

    Folder::
    c:\users\Carina\AppData\Roaming\Brokxkwet
    C:\Users\Carina\AppData\Roaming\Avbe
    C:\Users\Carina\AppData\Roaming\Daeds
    C:\Users\Carina\AppData\Roaming\Evky
    C:\Users\Carina\AppData\Roaming\Fahaf
    C:\Users\Carina\AppData\Roaming\Faxtxt
    C:\Users\Carina\AppData\Roaming\kock
    C:\Users\Carina\AppData\Roaming\UAs
    C:\Users\Carina\AppData\Roaming\Unywti
    C:\Users\Carina\AppData\Roaming\xmldm

    DDS::
    uInternet Settings,ProxyServer = 193.196.5.253:3128

    ClearJavaCache::
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!




Bitte poste in deiner nächsten Antwort:
  • Log von Combofix

carina145 11.06.2013 22:10
Combofix Logfile:
Code:
ComboFix 13-06-08.02 - Carina 11.06.2013  22:57:52.2.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2935.1602 [GMT 2:00]
ausgeführt von:: c:\users\Carina\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Carina\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Carina\AppData\Roaming\blckdom.res"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Carina\AppData\Roaming\Avbe
c:\users\Carina\AppData\Roaming\Avbe\haid.lux
c:\users\Carina\AppData\Roaming\blckdom.res
c:\users\Carina\AppData\Roaming\Brokxkwet
c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe
c:\users\Carina\AppData\Roaming\Daeds
c:\users\Carina\AppData\Roaming\Daeds\xiazu.uwd
c:\users\Carina\AppData\Roaming\Evky
c:\users\Carina\AppData\Roaming\Fahaf
c:\users\Carina\AppData\Roaming\Faxtxt
c:\users\Carina\AppData\Roaming\kock
c:\users\Carina\AppData\Roaming\UAs
c:\users\Carina\AppData\Roaming\UAs\_UAs001.dat
c:\users\Carina\AppData\Roaming\Unywti
c:\users\Carina\AppData\Roaming\Unywti\tocir.keu
c:\users\Carina\AppData\Roaming\xmldm
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 21:07 . 2013-06-11 21:07        --------        d-----w-        c:\users\Carina\AppData\Local\temp
2013-06-11 21:07 . 2013-06-11 21:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-11 05:37 . 2013-06-11 05:37        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\users\Carina\AppData\Roaming\Malwarebytes
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-10 20:29 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-10 20:29 . 2013-06-10 20:29        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-06-08 12:11 . 2013-06-08 12:11        --------        d-----w-        c:\programdata\McAfee
2013-06-07 13:33 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\mpengine.dll
2013-05-24 21:42 . 2013-05-24 21:42        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-24 12:27 . 2013-05-24 12:27        262552        ----a-w-        c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 13:41 . 2013-05-22 13:41        --------        d-----w-        c:\users\Carina\Tracing
2013-05-22 13:41 . 2013-05-22 13:41        --------        d-----w-        c:\program files\7-Zip
2013-05-22 13:40 . 2013-05-16 12:02        632656        ----a-w-        c:\windows\system32\msvcr80.dll
2013-05-22 13:40 . 2013-05-16 12:02        554832        ----a-w-        c:\windows\system32\msvcp80.dll
2013-05-22 13:40 . 2013-05-16 12:02        479232        ----a-w-        c:\windows\system32\msvcm80.dll
2013-05-18 08:14 . 2013-04-10 05:18        728424        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-18 08:14 . 2013-04-10 05:18        218984        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-18 08:14 . 2013-04-10 03:14        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-05-18 08:13 . 2013-03-19 04:53        186368        ----a-w-        c:\windows\system32\wwansvc.dll
2013-05-18 08:13 . 2013-03-19 03:33        40960        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-05-18 08:13 . 2013-02-27 05:05        101720        ----a-w-        c:\windows\system32\consent.exe
2013-05-18 08:13 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\system32\authui.dll
2013-05-18 08:13 . 2013-02-27 04:49        47104        ----a-w-        c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 18:06 . 2012-07-14 16:35        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-16 18:06 . 2011-09-05 16:59        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 09:54 . 2011-03-28 10:36        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 08:07 . 2013-05-10 08:08        66656        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-06-28 23:04        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-18 08:14        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-18 08:14        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-27 16:14        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-01 12:28 . 2012-10-18 16:53        84744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-04-01 12:28 . 2012-10-18 16:53        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-04-01 12:28 . 2012-10-18 16:53        135136        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-14 09:35        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-14 09:35        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-14 09:35        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-14 09:35        69632        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-14 17:41        220632        ----a-w-        c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-24 17:19        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Luxand Blink!"="c:\program files\Luxand\Blink!\LuxandBlinkTray.exe" [2010-10-18 7143224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-11 40776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-01 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-04-01 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2012-09-11 1034880]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:06]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-puoomizl - c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  23:09:16
ComboFix-quarantined-files.txt  2013-06-11 21:09
ComboFix2.txt  2013-06-11 20:18
.
Vor Suchlauf: 11 Verzeichnis(se), 267.271.864.320 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 267.241.570.304 Bytes frei
.
- - End Of File - - 072A8AD28CD9ADF393923EF75372ABE0
--- --- ---
8A1C59E4DFEF87510470928550466632




so...ist er endlich weg? :-) Danke schon mal für die ganze Mühe und Arbeit. Habt ihr eigtl ein Spendenkonto? :-)

aharonov 11.06.2013 22:21
Zitat:
ist er endlich weg? :-)
Hoffentlich, ja. :)
Aber zur Sicherheit machen wir noch einen Kontrolldurchgang. Und wir schliessen auch noch vorhandene Sicherheitslücken, um so ein Schlamassel in Zukunft zu verhindern.

Zitat:
Habt ihr eigtl ein Spendenkonto? :-)
Das haben wir, ja: http://www.trojaner-board.de/79994-s...ndenkonto.html


Schritt 1
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 3

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL

carina145 11.06.2013 22:57
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Carina :: CARINA-PC [Administrator]

11.06.2013 23:25:15
mbam-log-2013-06-11 (23-25-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211277
Laufzeit: 8 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 11:38:17 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Carina\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.87 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 46.29% Memory free
5.73 Gb Paging File | 4.07 Gb Available in Paging File | 71.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 248.84 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
 
Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 23:34:14 | 000,890,839 | ---- | M] () -- C:\Users\Carina\Desktop\SecurityCheck.exe
PRC - [2013/06/11 16:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Downloads\OTL.exe
PRC - [2013/05/24 14:27:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 20:06:03 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 10:06:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/01 14:27:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 03:14:16 | 000,176,128 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/11 23:34:14 | 000,890,839 | ---- | M] () -- C:\Users\Carina\Desktop\SecurityCheck.exe
MOD - [2013/05/24 14:27:33 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 20:06:03 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2012/10/24 19:12:50 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2012/01/10 15:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/16 20:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2012/04/14 17:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Carina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/01 14:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/01 14:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/01 14:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/12/18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/22 20:19:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/09 16:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/08 14:10:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Carina\AppData\Roaming\17001.006
 
[2013/06/11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions
[2011/03/14 23:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/06/11 21:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions
[2013/06/11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/06 18:11:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/24 14:27:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/31 12:47:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.iminent.com/?appId=88DA0528-E556-4B54-8EBF-653911D9816D
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/11 23:07:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3410650692-588603448-4288098186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C303074-C9F1-4EE6-A9FB-97E51046D57B}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/11 23:09:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/11 23:09:18 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\temp
[2013/06/11 21:55:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/11 21:55:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/11 21:55:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/11 21:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/11 21:53:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/10 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes
[2013/06/10 22:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/10 22:29:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/10 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/08 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/08 14:09:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/22 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\{12B5A6C9-392E-4189-8121-18B4EF705BB0}
[2013/05/22 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Carina\Tracing
[2013/05/22 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carina\Local Settings
[2013/05/22 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/05/22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/05/18 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Lieder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 23:34:14 | 000,890,839 | ---- | M] () -- C:\Users\Carina\Desktop\SecurityCheck.exe
[2013/06/11 23:07:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/11 22:59:07 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 22:59:07 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 22:51:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 22:50:51 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 07:59:30 | 000,000,020 | ---- | M] () -- C:\Users\Carina\defogger_reenable
[2013/06/11 06:34:24 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013/06/11 06:34:11 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
[2013/06/11 06:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 06:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 22:29:36 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 22:01:53 | 000,081,170 | ---- | M] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013/06/10 20:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013/06/10 17:52:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
[2013/06/10 17:48:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 14:10:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/08 12:31:49 | 000,046,709 | ---- | M] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013/06/08 12:28:55 | 000,047,080 | ---- | M] () -- C:\Users\Carina\Desktop\Lebenslauf aktuell.pdf
[2013/05/24 23:43:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/19 12:43:50 | 019,491,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/19 12:43:50 | 006,254,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/19 12:43:50 | 000,300,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/19 12:43:50 | 000,038,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/19 10:38:25 | 000,482,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/11 23:34:09 | 000,890,839 | ---- | C] () -- C:\Users\Carina\Desktop\SecurityCheck.exe
[2013/06/11 21:55:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 21:55:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 21:55:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 21:55:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 21:55:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/11 07:59:01 | 000,000,020 | ---- | C] () -- C:\Users\Carina\defogger_reenable
[2013/06/10 22:29:36 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 22:01:52 | 000,081,170 | ---- | C] () -- C:\Users\Carina\Desktop\Unbenannt.JPG
[2013/06/08 14:10:47 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/08 14:10:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/08 12:31:48 | 000,046,709 | ---- | C] () -- C:\Users\Carina\Desktop\Anschreiben.pdf
[2013/05/24 23:43:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/02 17:49:09 | 000,001,493 | ---- | C] () -- C:\Users\Carina\AppData\Local\recently-used.xbel
[2013/02/11 14:55:33 | 000,000,306 | RHS- | C] () -- C:\Users\Carina\ntuser.pol
[2012/04/17 14:19:34 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012/01/10 16:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 16:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 16:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 15:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 15:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 15:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/09/08 14:08:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/29 13:07:37 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{0EEABC5A-FE6A-4FE2-A456-A99DF4A69A68}
[2011/06/14 20:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\C
[2011/03/12 16:13:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/11/19 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ashampoo
[2010/09/22 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DAEMON Tools Lite
[2010/11/01 15:21:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\digital publishing
[2012/01/28 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\elsterformular
[2011/03/23 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0
[2013/05/22 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ICQ
[2011/05/22 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Luxand
[2011/03/16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org
[2011/03/31 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\SoftGrid Client
[2010/11/10 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online
[2011/03/14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird
[2010/09/12 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TP
[2012/09/29 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TuneUp Software
[2011/05/22 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---




Das andere 2. Schritt lasse ich bis Morgen durchlaufen, dauert ewig. Dann lade ich es hoch.

aharonov 11.06.2013 23:08
Zitat:
Das andere 2. Schritt lasse ich bis Morgen durchlaufen, dauert ewig. Dann lade ich es hoch.
Ja, das ist in Ordnung. Der dauert in der Tat etwas länger.. ;)

carina145 12.06.2013 05:28
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d4c5ea0ec04f74db6f2eaa3d7e6d431
# engine=14051
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 09:56:29
# local_time=2013-06-11 11:56:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 7525 236411079 6199 0
# compatibility_mode=5893 16776573 100 94 3976 122618980 0 0
# scanned=6094
# found=0
# cleaned=0
# scan_time=1589
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d4c5ea0ec04f74db6f2eaa3d7e6d431
# engine=14051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 01:12:42
# local_time=2013-06-12 03:12:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 19298 236422852 17972 0
# compatibility_mode=5893 16776573 100 94 12866 122630753 0 0
# scanned=204313
# found=2
# cleaned=0
# scan_time=11619
sh=6B26A4D970F18E092529DD83D0BCBB3D6878F50F ft=1 fh=fad9acbae316756b vn="a variant of Win32/Kryptik.BDGS trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Carina\AppData\Roaming\videoqhmem.exe.vir"
sh=D653FD9C30414429B83C8138CCC8925D52CD7C71 ft=1 fh=c71c0011f81b4d9f vn="a variant of Win32/Injector.AHVN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe.vir"

aharonov 12.06.2013 14:37
Hallo,

die beiden Funde von ESET sind bereits in Quarantäne. Sieht also wieder gut aus.
Wirf noch das alte Java runter und dann räumen wir auf.


Schritt 1

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 21.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Starte defogger und drücke den Button Re-enable.
  2. Deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
  3. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
  4. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  5. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  6. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

carina145 12.06.2013 15:41
Super vielen Dank für die Hilfe. Ich bin auch froh wenn ich so bald hier nicht mehr auftauchen muss. Spende kommt sobald mein Inet-Banking wieder funktioniert :-)

aharonov 12.06.2013 15:48
Danke für die Rückmeldung.
Und im Namen des Teams dank ich schon mal für die Spende!


Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131