Liebe Helfer.
Leider habe ich den Rechner mit dem beschriebenen GUV-Trojaner infiziert.
Da man die Schritte nicht blind befolgen soll, hier dazu also nochmal ein neues Thema.
Zuerst habe ich defoggerausgeführt
Ich habe mir dann von einem externen Rechner bereits OTL runtergeladen und ausgeführt, schaffe es aber noch nichtmal die entstandenen Texte als Anhang zu posten, deshalb nun im Text.
Schonmal vielen Dank, falls mich jemand retten kann.

OTL logfile created on: 10.10.2012 19:48:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 84,07% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 19,59 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
Drive F: | 3,77 Gb Total Space | 2,75 Gb Free Space | 73,00% Space Free | Partition Type: FAT

Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WiselinkPro) -- C:\Programme\Samsung\PC Auto Backup\WiselinkPro.exe (Samsung)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE292
IE - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.05 14:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.05 14:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.27 19:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-155572942-3347921709-2002523512-1003..\Run: [wuyb.exe] C:\Users\***\AppData\Roaming\Ycdenu\wuyb.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://sb-frankfurt.e-learning.cc/content/bitmedia/de/wd04bg/awlm/awswax.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00757275-7F72-47C3-903B-8C7A8BBB314A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7E7BF23-EF8C-4403-B976-1A3661F93B96}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f62d853-be00-11e1-9dc2-0013779ac033}\Shell - "" = AutoRun
O33 - MountPoints2\{5f62d853-be00-11e1-9dc2-0013779ac033}\Shell\AutoRun\command - "" = G:\iLinker.exe
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\instDX\command - "" = E:\directX\dxsetup.exe
O33 - MountPoints2\{f776b3ee-2558-11dd-913b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.10 19:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.10 19:47:08 | 000,000,000 | ---D | C] -- C:\OTL
[2012.10.10 13:15:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.09 21:23:50 | 000,000,000 | ---D | C] -- C:\User\***\Desktop\Alte Firefox-Daten
[2012.10.09 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IObit
[2012.10.09 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Snap Toolbar Removal Tool
[2012.10.09 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.10.07 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.10.07 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.06 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ytegq
[2012.10.06 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\***
[2012.10.03 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dpdhl.versandhelfer
[2012.10.03 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.10.02 20:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.29 20:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F5FB7147142D06680000F5FB70520CD0
[2012.09.28 15:10:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.27 19:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.09.27 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.27 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.27 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.22 10:18:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 10:18:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 10:18:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 10:18:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 10:18:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 10:18:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 10:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 10:18:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008.07.26 21:29:01 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Johanna\AppData\Local\cmdial32.dll
[1 C:\Users\Johanna\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.10 19:48:22 | 000,684,920 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 19:48:22 | 000,642,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 19:48:22 | 000,149,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 19:48:22 | 000,121,176 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 19:44:38 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.10 19:35:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 19:18:20 | 000,000,710 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012.10.10 19:18:16 | 000,000,710 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012.10.10 19:18:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 19:18:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:18:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 14:23:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.10 13:22:28 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.10 13:15:17 | 000,000,760 | ---- | M] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.10 13:15:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.09 21:25:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.09 20:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 20:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 13:58:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 13:58:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 16:30:05 | 000,001,191 | ---- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.03 11:21:46 | 000,000,838 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.03 11:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.02 20:21:19 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.30 10:41:45 | 000,025,600 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.28 18:48:49 | 000,003,385 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2012.09.27 19:45:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Users\Johanna\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.10 19:44:38 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.10 13:15:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.10 13:15:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.10.07 17:12:18 | 000,000,710 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012.10.07 17:11:58 | 000,000,710 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012.10.03 11:21:46 | 000,000,838 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.02 20:21:19 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.27 19:45:57 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.27 19:45:57 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 20:13:54 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011.07.28 22:18:17 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.02.21 18:48:45 | 000,064,544 | ---- | C] () -- C:\Users\***\ESt2010_***_***.elfo
[2011.02.02 18:36:54 | 000,001,318 | ---- | C] () -- C:\Users\***\Bildbestellung.html
[2011.01.16 17:51:07 | 000,528,810 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2011.01.04 17:41:54 | 000,006,926 | ---- | C] () -- C:\Users\***\xx.elfo
[2011.01.04 17:09:36 | 000,006,914 | ---- | C] () -- C:\Users\***\Neuer Versuch.elfo
[2011.01.04 15:57:49 | 000,006,947 | ---- | C] () -- C:\Users\***\xy.elfo
[2010.12.29 17:42:56 | 000,006,936 | ---- | C] () -- C:\Users\***a\neu.elfo
[2010.02.03 11:29:38 | 000,079,656 | ---- | C] () -- C:\Users\***\Steuererklärung 2009.elfo
[2009.11.21 12:33:59 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2008.11.17 21:06:40 | 001,272,767 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.07.27 17:43:03 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.05.15 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.03 11:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dpdhl.versandhelfer
[2012.10.07 16:30:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.05.18 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.28 14:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.10.09 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.04.09 19:17:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.18 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.10.07 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.19 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.06.20 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.10.09 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ycdenu
[2012.10.09 21:03:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ytegq

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10.10.2012 19:48:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 84,07% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 19,59 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
Drive F: | 3,77 Gb Total Space | 2,75 Gb Free Space | 73,00% Space Free | Partition Type: FAT

Computer Name: JOHANNA-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F8AFF-4DB4-42A2-963C-CFD7241A81F6}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe |
"{02F1B898-FAD2-48D0-A23A-DCF8E4FC33B0}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe |
"{3DCDB1C0-1626-445F-98C1-6C3EF1D859A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45D37703-D9A4-4240-A611-2EC125D6EB5D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{93AF3ADA-24D0-46D2-B0DE-9EA5ED1E066D}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{9A61B122-8FF4-469C-9AF3-187C75EE8D97}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{A2B79F90-F99C-4244-B65D-7F04A987156C}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{AD160868-3849-41EA-845A-165ADC241E8B}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe |
"{F1096425-1F70-46DA-A4A2-164CDE6A47BC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{130E3ABB-4092-4D75-AAE2-242912396E12}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{323883A4-BC79-47F9-845A-1EE380D38F6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59434B0B-7A12-491A-AFC8-046C87D97339}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{6EF1125B-8A25-41EC-A085-45603AEA1BFA}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe |
"TCP Query User{85411E5F-A34B-4068-91A7-472345B70179}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{89FD3B1F-F05E-4571-8ACB-295970AB2FE5}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe |
"TCP Query User{8FB9B96C-941F-4966-A597-D58AAD11942D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{92BEACB7-EF3C-4309-A39A-4BF3D19C1C7A}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{C2BF57B3-DFFD-4B41-9FB7-876B77F994CD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C52B0703-73D3-4355-BB4F-397A2A447B7B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{CE797456-0134-4977-884A-116772B9CED0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{125869F3-7255-430A-BF4D-5F63063D15C2}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{1DDACD49-39B7-4C23-A84F-88A7CB5E51CF}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{20F6C3F5-F8AB-4AFF-83DD-749A06AB125B}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe |
"UDP Query User{739FFC34-CB9E-4760-A68C-95285D903C6A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{74A55798-9103-49A9-BC1D-A2176DF4BC0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A1C39BFF-5476-4BD2-918F-54B4E6E182E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AB5C633B-D9AF-406D-8165-F19D156D5AB1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B6B4B208-363F-4D60-8B3B-1C4141C4E739}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CDA9DF7F-DAFD-4DC8-B5B0-60DA1F8BDCE7}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe |
"UDP Query User{E9A2A45C-A9F1-4EDE-B470-23608AEF67CC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{FEB964E3-44EA-4827-89E9-5580AB282073}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082DF5B7-6572-6B88-F9F3-E1A41707F4A7}" = CCC Help Czech
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0EE315C8-0081-8B6B-12AF-D26BBF275A82}" = CCC Help Korean
"{10F29C04-6DFA-65AD-B5AA-744255B4D7C8}" = CCC Help Polish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{287A32EF-A420-6596-ADDA-A9DE9A897796}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE84E70-5E53-C8B0-F423-C6494B4FEBED}" = CCC Help German
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EB709B5-0355-B855-8CC0-00821C49DA8B}" = Catalyst Control Center Localization Dutch
"{2F00CF0D-C670-9BD6-51FD-8DD1A0A42E37}" = Catalyst Control Center Localization Czech
"{2F2BB2EC-8494-3C43-6ABF-FEF5C05F3DA6}" = Catalyst Control Center Localization Polish
"{313EAEC4-F4E1-31B9-4F38-107FF621B31F}" = CCC Help Turkish
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E64DF2-8426-C9E0-2829-5485AB959225}" = Catalyst Control Center Core Implementation
"{3345B08C-5CAF-AF8C-301C-1B159BB51556}" = Catalyst Control Center Localization Japanese
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C25440D-FBA4-A668-D088-26842B689ADB}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DFAF6BC-4FE2-5B0D-1C9B-F2055968277B}" = Catalyst Control Center Localization German
"{3FFE6A7B-13B9-494C-29D7-EB46E9E6646C}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{436B50D2-4CA3-A53D-00CF-482A886A1524}" = CCC Help Finnish
"{46623DE3-FDA8-2141-C951-1A2DFA420D03}" = Skins
"{480F7F23-279B-96A4-FAD2-7014D36B79C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56682EAB-48F1-7187-4F48-1FF9645A1D07}" = Catalyst Control Center Localization Finnish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E031BFC-0827-26D4-FDD3-B8D68472DAE1}" = Catalyst Control Center Localization Portuguese
"{5F29B192-AE83-2636-747D-C5D83E79E8FE}" = Catalyst Control Center Localization Chinese Traditional
"{5FE21275-8D6C-CD0F-5B36-394636C0D264}" = CCC Help Thai
"{6001A55E-2A00-C407-67DB-DCFB3E0CD6F2}" = Catalyst Control Center Graphics Previews Vista
"{6290211A-CB26-FD7E-F214-21B15A5F7C87}" = Catalyst Control Center Localization Korean
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681C334E-6E93-84BF-E371-26109B7BF8B8}" = Catalyst Control Center Localization Italian
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B898739-AE0B-574E-9E7F-DCC7907372A0}" = CCC Help English
"{6B991234-EB5B-4FB3-5873-3946854F0850}" = Catalyst Control Center Localization Hungarian
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79538CDE-83AC-0264-3125-145F33D63B88}" = Catalyst Control Center Graphics Light
"{7A00BF8A-A7E5-D3E0-B17F-06BC5AEC48F6}" = CCC Help Japanese
"{7D97029D-B047-F3A1-D6C0-BFF3647AC943}" = Catalyst Control Center Localization French
"{87009005-9492-1307-F01A-25C1554F4F32}" = ccc-core-static
"{87824C5E-2830-63FC-177E-05E16F55F596}" = CCC Help Swedish
"{8E8FFB67-9316-F95E-969F-402722568272}" = CCC Help Italian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{961DC9E8-DDAF-6271-AD0A-689909295476}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A413023B-583C-4BDD-A639-346B1579DC01}" = Catalyst Control Center Localization Thai
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A54A1F3D-E2E0-C9F9-8112-8F0C5A6B06E0}" = Catalyst Control Center Localization Swedish
"{A5C67209-3FC7-A6FF-F7FB-079586F223CC}" = Catalyst Control Center Localization Danish
"{A7A27439-E5CD-AF54-FD49-8A08354D5122}" = Catalyst Control Center Localization Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AD92E291-E249-4AAD-C8FF-BAF0FC7AFE9C}" = CCC Help Greek
"{B15C935A-8944-937D-6FA4-D69BEFFEA643}" = CCC Help Spanish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7263C56-AED3-3D55-918C-E0BAFCCBF0C7}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB219FC1-008E-7D0D-91A0-CAE6D03DAC8C}" = Catalyst Control Center Localization Norwegian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C550F812-14C4-23F5-F369-6761A9C0E864}" = CCC Help Dutch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CAED2BFB-E4D5-D367-7179-D09E73C85938}" = Catalyst Control Center Localization Greek
"{CAF81DB8-F5DC-DF09-18A6-DD61635305E8}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D4186013-EE74-7570-17D3-38BC3632D51A}" = CCC Help Norwegian
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9CE4019-982E-BF95-18CE-5EBB5D75D939}" = Catalyst Control Center Graphics Full New
"{DDD45306-E4F0-D309-447F-7B1A0F6F9CAB}" = Catalyst Control Center Localization Spanish
"{E28201F3-2C09-FCD1-6934-84A3A9E4F0BF}" = CCC Help Danish
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A7EE8F-94F0-374C-E4F2-B7CDDE56ECA8}" = Catalyst Control Center Graphics Full Existing
"{F790AD19-127F-9BD7-2655-13E3DA0D7BC2}" = ccc-utility
"{FC20E3FB-60DB-8CFB-4649-CB2F2092F6B2}" = CCC Help Hungarian
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"7-Zip" = 7-Zip 9.21beta
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CDex" = CDex extraction audio
"Diablo" = Diablo
"ElsterFormular ***unknown variable buildnummer***" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Heroes of Might and Magic II" = Heroes of Might and Magic II
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vokabeltrainer für Windows_is1" = Vokabeltrainer für Windows Version 1.51

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-155572942-3347921709-2002523512-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.10.2012 09:11:53 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:12:45 | Computer Name =***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:12:46 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567, Prozess-ID 0x1610, Anwendungsstartzeit
01cda61f755b6f25.

Error - 09.10.2012 09:13:37 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 09:34:49 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 09.10.2012 15:19:38 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =

Error - 09.10.2012 15:25:29 | Computer Name = ***a-PC | Source = EventSystem | ID = 4621
Description =

Error - 10.10.2012 07:21:04 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel
0x503723f6, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x13cc,
Anwendungsstartzeit 01cda6d953997d2f.

Error - 10.10.2012 07:24:14 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.10.2012 13:36:15 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 07.02.2009 14:45:26 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.02.2009 18:22:32 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 130
seconds with 120 seconds of active time. This session ended with a crash.

Error - 27.02.2009 18:23:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.10.2012 07:25:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.10.2012 07:42:21 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 07:45:03 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:35:53 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.10.2012 um 19:18:47 unerwartet heruntergefahren.

Error - 10.10.2012 13:36:05 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:36:15 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:36:42 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 10.10.2012 13:37:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.10.2012 13:37:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.10.2012 13:59:31 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

1. Bitte arbeite alle Schritte der Reihe nach ab.
2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
   
   ...und ganz wichtig:
   
   
7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: gmer


Bitte

• alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
• keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
• nichts am Rechner arbeiten,
• nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

• Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

  WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?

  Unbedingt auf "No" klicken.
• Entferne rechts den Hacken bei:

  • IAT/EAT
  • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
  • Show all (sollte abgehackt sein)

• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Schritt 2: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe.
• Drücke Start Scan
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Bin gerade auf der Arbeit. Werde heute Mittag alles bearbeiten und posten.
Ich hatte es schon mit dem Gmer-Scan versucht (laut erste Schritte im Forum).
Leider ist dabei ein Fehler aufgetreten der ungefähr eine Sekunde aufpoppte, d.h. ich konnte es nicht speichern.
Ich probiere es wie gesagt nochmal heute in der mittagspause.
Schonmal vielen Dank für die schnelle Antwort.

Also, das Scannen mit GMER hat jetzt geklappt. Der Scan mit TDSSkiller hat jedoch kein thread gefunden.
Hier also nur der Text von Gmer.

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-11 17:05:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250JI rev.HS100-06
Running: 1jqmywbr.exe; Driver: C:\Users\Johanna\AppData\Local\Temp\axlirfow.sys


---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!GetWindowInfo                                  771B428E 5 Bytes  JMP 6A324536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[640] USER32.dll!SetMenuItemBitmaps + 71                        771C14EE 7 Bytes  JMP 6A324B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateFile + 6               7704424A 4 Bytes  [28, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateFile + B               7704424F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateKey + 6                7704428A 4 Bytes  [68, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateKey + B                7704428F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateMutant + 6             770442BA 4 Bytes  [28, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateMutant + B             770442BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateSection + 6            7704433A 4 Bytes  [68, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtCreateSection + B            7704433F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtMapViewOfSection + 6         7704499A 4 Bytes  [A8, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtMapViewOfSection + B         7704499F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenFile + 6                 77044A2A 4 Bytes  [68, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenFile + B                 77044A2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenKey + 6                  77044A5A 4 Bytes  [A8, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenKey + B                  77044A5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenMutant + B               77044A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcess + 6              77044AAA 1 Byte  [28]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcess + 6              77044AAA 4 Bytes  [28, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcess + B              77044AAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcessToken + 6         77044ABA 1 Byte  [68]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcessToken + 6         77044ABA 4 Bytes  [68, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcessToken + B         77044ABF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcessTokenEx + 6       77044ACA 4 Bytes  [28, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenProcessTokenEx + B       77044ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenSection + 6              77044ADA 4 Bytes  [A8, 02, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenSection + B              77044ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenThread + B               77044B1F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenThreadToken + 6          77044B2A 1 Byte  [E8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenThreadToken + B          77044B2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenThreadTokenEx + 6        77044B3A 4 Bytes  [68, 04, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtOpenThreadTokenEx + B        77044B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtQueryAttributesFile + 6      77044BCA 4 Bytes  [A8, 00, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtQueryAttributesFile + B      77044BCF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtQueryFullAttributesFile + B  77044C7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtSetInformationFile + 6       7704515A 4 Bytes  [28, 01, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtSetInformationFile + B       7704515F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtSetInformationThread + 6     770451AA 1 Byte  [A8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtSetInformationThread + 6     770451AA 4 Bytes  [A8, 03, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtSetInformationThread + B     770451AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ntdll.dll!NtUnmapViewOfSection + B       7704544F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] kernel32.dll!CreateProcessW              76F01BF3 5 Bytes  JMP 000100B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] kernel32.dll!CreateProcessA              76F01C28 5 Bytes  JMP 000100F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] kernel32.dll!OpenEventW                  76F1C033 5 Bytes  JMP 00010070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] kernel32.dll!CreateEventW                76F4B87E 5 Bytes  JMP 00010030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!DeleteObject                   75E55A37 5 Bytes  JMP 001801B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetDeviceCaps                  75E5617F 5 Bytes  JMP 001803B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SelectObject                   75E562A0 5 Bytes  JMP 001805F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetTextColor                   75E5666B 5 Bytes  JMP 00180A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetBkMode                      75E56716 5 Bytes  JMP 001808F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!DeleteDC                       75E568CD 5 Bytes  JMP 00180170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetCurrentObject               75E56B58 5 Bytes  JMP 00180370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetStretchBltMode              75E57206 5 Bytes  JMP 001806B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SaveDC                         75E575BA 5 Bytes  JMP 00180570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!RestoreDC                      75E57675 5 Bytes  JMP 00180530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!StretchDIBits                  75E578CF 5 Bytes  JMP 00180770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!ExtSelectClipRgn               75E579F8 5 Bytes  JMP 001802F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SelectClipRgn                  75E57AF9 5 Bytes  JMP 001805B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!MoveToEx                       75E57C33 5 Bytes  JMP 00180470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!Rectangle                      75E57EA9 5 Bytes  JMP 001809B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextAlign                   75E582E0 5 Bytes  JMP 00180D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetTextAlign                   75E585CB 5 Bytes  JMP 001809F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!ExtTextOutW                    75E5872B 5 Bytes  JMP 00180970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextMetricsW                75E58A81 5 Bytes  JMP 00180E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!IntersectClipRect              75E58B64 5 Bytes  JMP 001803F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetClipBox                     75E59071 5 Bytes  JMP 00180330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetICMMode                     75E594E7 5 Bytes  JMP 00180DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!CreateDCW                      75E5A91D 5 Bytes  JMP 001800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!CreateDCA                      75E5AA49 5 Bytes  JMP 001800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!CreateICW                      75E5B2E9 5 Bytes  JMP 00180130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextFaceW                   75E5B637 5 Bytes  JMP 00180D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetFontData                    75E5BA6C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetFontData                    75E5BA6C 5 Bytes  JMP 00180C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextExtentPoint32W          75E5C01A 5 Bytes  JMP 00180670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetWorldTransform              75E5C46A 5 Bytes  JMP 001806F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!LineTo                         75E5C65E 5 Bytes  JMP 00180430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextMetricsA                75E5CCEB 5 Bytes  JMP 00180DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!ExtTextOutA                    75E600A5 5 Bytes  JMP 00180930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextExtentPoint32A          75E60E58 5 Bytes  JMP 00180630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!ExtEscape                      75E622A7 5 Bytes  JMP 001802B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!Escape                         75E627F1 5 Bytes  JMP 00180270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!ResetDCW                       75E63132 5 Bytes  JMP 00180AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!EndPage                        75E6375E 5 Bytes  JMP 00180230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetPolyFillMode                75E661D3 5 Bytes  JMP 00180B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SetMiterLimit                  75E662E2 5 Bytes  JMP 00180B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetTextFaceA                   75E6F4C5 5 Bytes  JMP 00180CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!GetGlyphOutlineW               75E7A41F 5 Bytes  JMP 00180CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!CreateScalableFontResourceW    75E7C88B 5 Bytes  JMP 00180BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!AddFontResourceW               75E7CC93 5 Bytes  JMP 00180BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!RemoveFontResourceW            75E7D129 5 Bytes  JMP 00180C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!AbortDoc                       75E82CC4 5 Bytes  JMP 00180030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!EndDoc                         75E830D8 5 Bytes  JMP 001801F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!StartPage                      75E831C3 5 Bytes  JMP 00180730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!StartDocW                      75E83CA7 5 Bytes  JMP 001807F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!BeginPath                      75E84465 5 Bytes  JMP 00180830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!SelectClipPath                 75E844BC 5 Bytes  JMP 00180AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!CloseFigure                    75E84517 5 Bytes  JMP 00180070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!EndPath                        75E8456E 5 Bytes  JMP 00180A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!StrokePath                     75E847A0 5 Bytes  JMP 001807B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!FillPath                       75E8482C 5 Bytes  JMP 00180870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!PolylineTo                     75E84C95 5 Bytes  JMP 001804F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!PolyBezierTo                   75E84D25 5 Bytes  JMP 001804B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] GDI32.dll!PolyDraw                       75E84DD6 5 Bytes  JMP 001808B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!SetCursor                     771AD37D 5 Bytes  JMP 00190530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!RegisterClipboardFormatW      771AD6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!RegisterClipboardFormatW      771AD6AC 5 Bytes  JMP 001902B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!ActivateKeyboardLayout        771B478C 5 Bytes  JMP 001904F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!IsWindowVisible               771B878A 7 Bytes  JMP 001906B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!MonitorFromWindow             771B88D4 7 Bytes  JMP 00190630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!ScreenToClient                771B8C56 7 Bytes  JMP 00190670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClientRect                 771B8F0D 7 Bytes  JMP 001905B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetParent                     771B90AA 7 Bytes  JMP 001906F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!RegisterClipboardFormatA      771BA111 5 Bytes  JMP 001902F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!PostMessageW                  771BA175 5 Bytes  JMP 001905F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!MapWindowPoints               771BA30D 5 Bytes  JMP 00190570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardFormatNameA       771BA552 5 Bytes  JMP 00190270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetOpenClipboardWindow        771C26A6 5 Bytes  JMP 001903F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!SetClipboardViewer            771CBA2D 5 Bytes  JMP 001904B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!IsClipboardFormatAvailable    771CC2E3 5 Bytes  JMP 001900F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!CloseClipboard                771CC2F7 5 Bytes  JMP 001900B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!OpenClipboard                 771CC31D 5 Bytes  JMP 00190070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetTopWindow                  771CCE0A 7 Bytes  JMP 00190730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardSequenceNumber    771CD8B7 5 Bytes  JMP 00190330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!ChangeClipboardChain          771CDF83 5 Bytes  JMP 00190430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!CountClipboardFormats         771D0048 5 Bytes  JMP 001901F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardOwner             771D26EF 5 Bytes  JMP 00190370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!SetClipboardData              771E6410 5 Bytes  JMP 00190170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!EnumClipboardFormats          771E6D16 5 Bytes  JMP 001901B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!SetCursorPos                  771E6FB2 5 Bytes  JMP 00190770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardData              771E715A 5 Bytes  JMP 00190030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardFormatNameW       771EA99F 5 Bytes  JMP 00190230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!EmptyClipboard                7720398B 5 Bytes  JMP 00190130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetClipboardViewer            772039ED 5 Bytes  JMP 00190470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] USER32.dll!GetPriorityClipboardFormat    77203AEF 5 Bytes  JMP 001903B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ole32.dll!OleGetClipboard                75F174C9 5 Bytes  JMP 001A00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ole32.dll!OleSetClipboard                75F411E3 5 Bytes  JMP 001A0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] ole32.dll!OleIsCurrentClipboard          75F4A8F9 5 Bytes  JMP 001A0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!FreeContextBuffer            75532D83 5 Bytes  JMP 001C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!DeleteSecurityContext        75532F18 5 Bytes  JMP 001C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!FreeCredentialsHandle        75533598 5 Bytes  JMP 001C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!EncryptMessage               75533745 5 Bytes  JMP 001C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!DecryptMessage               75533813 5 Bytes  JMP 001C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!InitializeSecurityContextA   755387DF 5 Bytes  JMP 001C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!AcquireCredentialsHandleA    75538A43 5 Bytes  JMP 001C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!QueryContextAttributesA      75538E77 5 Bytes  JMP 001C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!ApplyControlToken            7553DE4F 5 Bytes  JMP 001C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[1188] Secur32.dll!QueryCredentialsAttributesA  7553E052 5 Bytes  JMP 001C00B0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] ntdll.dll!LdrLoadDll                                              77009378 5 Bytes  JMP 6A1D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] kernel32.dll!HeapSetInformation + 26                              76F2A8C0 7 Bytes  JMP 6A1D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] kernel32.dll!LockResource + C                                     76F46B0B 7 Bytes  JMP 6A407B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] kernel32.dll!VirtualAllocEx + 54                                  76F4AF70 7 Bytes  JMP 6A407B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] USER32.dll!GetWindowInfo                                          771B428E 5 Bytes  JMP 6A32B77F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1900] GDI32.dll!SetStretchBltMode + 256                                 75E5745C 7 Bytes  JMP 6A407AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875ad5c                                          
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027875ad5c (not active ControlSet)                      

---- EOF - GMER 1.0.15 ----
         

Noch als Zusatzinfo.
Ich habe den Rechner gerade neu hochgefahren.
Ein Starten über den abgesichrten Modus hat sich zwei mal aufgehängt, d.h. es stoppte mittendrin und dann passierte nichts mehr.
Der dritte Versuch war dann im normalen Modusohne drücken von F8 usw.
Dabei wurde das Programm CHKDSK automatisch durchgeführt. Der Rechner ist nun nicht mehr gesperrt, bei dem Versuch ins Internet zu gehen.
Vermutlich wimmelt es jetzt nur noch im Hintergrund?

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

• Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
  Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die End Nutzer Lizenz.
  Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls was schief geht.
  Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.

Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.


Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-10-12.01 - Johanna 12.10.2012   8:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2813.1594 [GMT 2:00]
ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\lsass.exe
c:\users\Johanna\AppData\Roaming\AcroIEHelpe.txt
c:\users\Johanna\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-12 bis 2012-10-12  ))))))))))))))))))))))))))))))
.
.
2012-10-12 06:54 . 2012-10-12 06:54	--------	d-----w-	c:\users\Johanna\AppData\Local\temp
2012-10-12 06:54 . 2012-10-12 06:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-11 17:57 . 2012-10-11 17:57	--------	d-----w-	C:\found.000
2012-10-10 17:47 . 2012-10-10 17:47	--------	d-----w-	C:\OTL
2012-10-09 19:18 . 2012-10-09 19:18	--------	d-----w-	c:\users\Johanna\AppData\Roaming\IObit
2012-10-09 13:36 . 2012-10-09 18:29	--------	d-----w-	c:\program files\Snap Toolbar Removal Tool
2012-10-09 11:32 . 2012-10-09 11:32	--------	d-----w-	c:\users\Johanna\AppData\Local\Apps
2012-10-09 10:39 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E406BA6-0E98-4C78-93CE-10DF7E34A602}\mpengine.dll
2012-10-07 14:29 . 2012-10-07 14:29	--------	d-----w-	c:\users\Johanna\AppData\Roaming\OpenCandy
2012-10-07 14:29 . 2012-10-07 14:29	--------	d-----w-	c:\program files\DVDVideoSoft
2012-10-06 15:32 . 2012-10-09 19:03	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Ytegq
2012-10-06 15:32 . 2012-10-09 16:24	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Ycdenu
2012-10-03 09:21 . 2012-10-03 09:21	--------	d-----w-	c:\users\Johanna\AppData\Roaming\dpdhl.versandhelfer
2012-10-03 09:21 . 2012-10-03 09:21	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2012-10-02 18:19 . 2012-10-12 06:36	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-09-30 19:07 . 2012-09-30 19:07	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Malwarebytes
2012-09-30 19:07 . 2012-09-30 19:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-29 18:55 . 2012-09-30 08:19	--------	d-----w-	c:\programdata\F5FB7147142D06680000F5FB70520CD0
2012-09-28 13:10 . 2012-09-28 13:10	--------	d-----w-	c:\users\Johanna\AppData\Local\Macromedia
2012-09-27 17:46 . 2012-09-27 17:46	--------	d-----w-	c:\users\Johanna\AppData\Local\Mozilla
2012-09-27 17:45 . 2012-09-27 17:45	--------	d-----w-	c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 11:58 . 2012-04-16 09:12	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:58 . 2011-06-02 08:46	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-07-04 17:56	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-04-19 18:03	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-13 17:47 . 2011-01-16 15:51	528810	----a-w-	c:\users\Johanna\AppData\Roaming\mdbu.bin
2012-08-05 12:05 . 2012-08-05 12:05	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-08-05 12:05 . 2012-08-05 12:05	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-09-06 01:26 . 2012-09-27 17:45	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-05 296096]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-09-19 3363240]
.
c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
PC Auto Backup.lnk - c:\program files\Samsung\PC Auto Backup\AutoBackup.exe [2012-1-18 820736]
Philips SA19xx Gere-Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-28 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:58]
.
2012-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-12 15:24]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:23]
.
2012-10-12 c:\windows\Tasks\OpenCandyHelper.job
- c:\users\Johanna\AppData\Roaming\OpenCandy\4AC751CF0BF644B6A84FC1A181E93A5A\OCBrowserHelper_1.0.3.85.dll [2012-09-05 18:37]
.
2012-10-12 c:\windows\Tasks\OpenCandyHelperRun.job
- c:\users\Johanna\AppData\Roaming\OpenCandy\4AC751CF0BF644B6A84FC1A181E93A5A\OCBrowserHelper_1.0.3.85.dll [2012-09-05 18:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE: Free YouTube to MP3 Converter - c:\users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\2w51n7wg.default-1349810624698\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-wuyb.exe - c:\users\Johanna\AppData\Roaming\Ycdenu\wuyb.exe
AddRemove-Heroes of Might and Magic II - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-12 08:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-10-12  08:59:42
ComboFix-quarantined-files.txt  2012-10-12 06:59
.
Vor Suchlauf: 14 Verzeichnis(se), 20.446.355.456 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 18.564.521.984 Bytes frei
.
- - End Of File - - C77F4DAC1BAB73CD850E998908323610
         

Schritt 1: CF-Script



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code: Alles auswählenAufklappen

ATTFilter

FOLDER::
c:\users\Johanna\AppData\Roaming\Ytegq
c:\users\Johanna\AppData\Roaming\Ycdenu
DDS::
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
CLEARJAVACACHE::
         

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

• Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
  Dies kann dazu führen, dass ComboFix sich aufhängt.
• Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
• Mache nichts am PC solange ComboFix läuft.

• In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
• Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2: MBAM



Downloade Dir bitte Malwarebytes

• Installiere das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

cobofixdatei

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-10-14.03 - Johanna 15.10.2012   8:08.2.2 - x86
ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Johanna\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Johanna\AppData\Roaming\Ycdenu
c:\users\Johanna\AppData\Roaming\Ytegq
c:\users\Johanna\AppData\Roaming\Ytegq\cemu.ixo
c:\users\Johanna\AppData\Roaming\Ytegq\cemu.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-15 bis 2012-10-15  ))))))))))))))))))))))))))))))
.
.
2012-10-15 06:17 . 2012-10-15 06:18	--------	d-----w-	c:\users\Johanna\AppData\Local\temp
2012-10-15 06:17 . 2012-10-15 06:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-12 16:06 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E1649DE-0EBC-4821-8E9B-DE2D6F8A7E26}\mpengine.dll
2012-10-11 17:57 . 2012-10-11 17:57	--------	d-----w-	C:\found.000
2012-10-10 17:47 . 2012-10-10 17:47	--------	d-----w-	C:\OTL
2012-10-09 19:18 . 2012-10-09 19:18	--------	d-----w-	c:\users\Johanna\AppData\Roaming\IObit
2012-10-09 13:36 . 2012-10-09 18:29	--------	d-----w-	c:\program files\Snap Toolbar Removal Tool
2012-10-09 11:32 . 2012-10-09 11:32	--------	d-----w-	c:\users\Johanna\AppData\Local\Apps
2012-10-07 14:29 . 2012-10-07 14:29	--------	d-----w-	c:\users\Johanna\AppData\Roaming\OpenCandy
2012-10-07 14:29 . 2012-10-07 14:29	--------	d-----w-	c:\program files\DVDVideoSoft
2012-10-03 09:21 . 2012-10-03 09:21	--------	d-----w-	c:\users\Johanna\AppData\Roaming\dpdhl.versandhelfer
2012-10-03 09:21 . 2012-10-03 09:21	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2012-10-02 18:19 . 2012-10-15 06:00	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-09-30 19:07 . 2012-09-30 19:07	--------	d-----w-	c:\users\Johanna\AppData\Roaming\Malwarebytes
2012-09-30 19:07 . 2012-09-30 19:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-29 18:55 . 2012-09-30 08:19	--------	d-----w-	c:\programdata\F5FB7147142D06680000F5FB70520CD0
2012-09-28 13:10 . 2012-09-28 13:10	--------	d-----w-	c:\users\Johanna\AppData\Local\Macromedia
2012-09-27 17:46 . 2012-09-27 17:46	--------	d-----w-	c:\users\Johanna\AppData\Local\Mozilla
2012-09-27 17:45 . 2012-09-27 17:45	--------	d-----w-	c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 11:58 . 2012-04-16 09:12	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:58 . 2011-06-02 08:46	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-07-04 17:56	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-04-19 18:03	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-13 17:47 . 2011-01-16 15:51	528810	----a-w-	c:\users\Johanna\AppData\Roaming\mdbu.bin
2012-08-05 12:05 . 2012-08-05 12:05	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-08-05 12:05 . 2012-08-05 12:05	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-09-06 01:26 . 2012-09-27 17:45	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-05 296096]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-09-19 3363240]
.
c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
PC Auto Backup.lnk - c:\program files\Samsung\PC Auto Backup\AutoBackup.exe [2012-1-18 820736]
Philips SA19xx Gere-Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-28 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:58]
.
2012-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-12 15:24]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:23]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE: Free YouTube to MP3 Converter - c:\users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\2w51n7wg.default-1349810624698\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-15 08:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Philips]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-10-15  08:22:48
ComboFix-quarantined-files.txt  2012-10-15 06:22
ComboFix2.txt  2012-10-12 06:59
.
Vor Suchlauf: 18 Verzeichnis(se), 19.370.192.896 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 19.190.710.272 Bytes frei
.
- - End Of File - - 0D3BBB1E2DB8C0A72CA8D47A7CF63BA3
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Johanna :: JOHANNA-PC [Administrator]

15.10.2012 09:05:57
mbam-log-2012-10-15 (09-05-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189797
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Scan mit adwcleaner



Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.005 - Datei am 15/10/2012 um 17:49:07 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Johanna - JOHANNA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Johanna\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\Johanna\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Johanna\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Johanna\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-155572942-3347921709-2002523512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-155572942-3347921709-2002523512-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default-1349810624698 [Profil par défaut]
Datei : C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\2w51n7wg.default-1349810624698\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2886 octets] - [15/10/2012 17:49:07]

########## EOF - C:\AdwCleaner[R1].txt - [2946 octets] ##########
         

Schritt 1: Fix mit adwCleaner

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2: Neues OTL-Log



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

• Doppelklick auf die OTL.exe
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 16.10.2012 08:06:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 61,13% Memory free
5,73 Gb Paging File | 4,40 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 17,28 Gb Free Space | 15,45% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNA-PC | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johanna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\PC Auto Backup\AutoBackup.exe (Samsung)
PRC - C:\Programme\Samsung\PC Auto Backup\WiselinkPro.exe (Samsung)
PRC - C:\Programme\Samsung\PC Auto Backup\http_ss_win_pro.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2728.28930__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2728.28937__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2728.29164__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2728.28895__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2728.28951__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2728.29157__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2728.29115__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2728.28950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2728.28915__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2728.29192__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2728.29124__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2728.29198__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2728.29131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2728.28909__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2728.29123__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2728.29184__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2728.29159__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2728.29061__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2728.28964__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2728.28916__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2728.29145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2728.28957__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2728.29082__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2728.28970__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2728.29081__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2728.29052__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2728.28971__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2728.29051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2728.29059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2728.29102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2728.29169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2728.29220__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2728.28892__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2728.28924__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2728.29169__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2728.28894__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2728.28903__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2728.28894__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2728.28893__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe ()
MOD - C:\Programme\Samsung\Samsung Recovery Solution II\Resdll.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WiselinkPro) -- C:\Programme\Samsung\PC Auto Backup\WiselinkPro.exe (Samsung)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Johanna\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE292
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.05 14:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.05 14:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions
[2010.09.22 19:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.27 19:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\17.0.963.79\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Extension = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Google Mail = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.10.15 08:18:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://sb-frankfurt.e-learning.cc/content/bitmedia/de/wd04bg/awlm/awswax.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00757275-7F72-47C3-903B-8C7A8BBB314A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7E7BF23-EF8C-4403-B976-1A3661F93B96}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.15 09:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.15 09:04:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.15 09:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.15 08:22:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.15 08:22:51 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\temp
[2012.10.15 08:04:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.15 07:57:51 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe
[2012.10.12 08:37:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.12 08:37:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.12 08:37:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.12 08:36:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.12 08:36:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.11 19:57:24 | 000,000,000 | ---D | C] -- C:\found.000
[2012.10.10 19:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.10 19:47:08 | 000,000,000 | ---D | C] -- C:\OTL
[2012.10.09 21:23:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Alte Firefox-Daten
[2012.10.09 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\IObit
[2012.10.09 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Snap Toolbar Removal Tool
[2012.10.09 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Apps
[2012.10.07 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\OpenCandy
[2012.10.07 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.10.03 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dpdhl.versandhelfer
[2012.10.03 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.10.02 20:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.10.02 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Documents\Anti-Malware
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2012.09.30 21:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.29 20:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F5FB7147142D06680000F5FB70520CD0
[2012.09.28 15:10:00 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Macromedia
[2012.09.27 19:46:05 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Mozilla
[2012.09.27 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.27 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.27 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.22 10:18:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 10:18:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 10:18:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 10:18:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 10:18:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 10:18:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 10:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 10:18:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008.07.26 21:29:01 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Johanna\AppData\Local\cmdial32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 08:05:50 | 000,685,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.16 08:05:50 | 000,642,926 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.16 08:05:50 | 000,150,008 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.16 08:05:50 | 000,121,814 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 07:58:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.16 07:58:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 07:58:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 07:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 07:57:36 | 2950,873,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 19:18:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.15 18:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 18:30:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 09:04:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 08:18:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.15 07:57:41 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe
[2012.10.13 18:11:27 | 000,504,455 | ---- | M] () -- C:\Users\Johanna\LH_WEBCKI.LI.STANDALONE.aku27xZ3B9qXZPcc2C0x02.pdf
[2012.10.12 11:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.11 08:30:40 | 000,001,356 | ---- | M] () -- C:\Users\Johanna\AppData\Local\d3d9caps.dat
[2012.10.10 21:14:50 | 000,015,514 | ---- | M] () -- C:\Users\Johanna\Desktop\Desktop.7z
[2012.10.10 19:44:38 | 000,000,000 | ---- | M] () -- C:\Users\Johanna\defogger_reenable
[2012.10.10 14:23:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.10.09 13:58:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 13:58:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 16:30:05 | 000,001,191 | ---- | M] () -- C:\Users\Johanna\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.03 11:21:46 | 000,000,838 | ---- | M] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.02 20:21:19 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.30 10:41:45 | 000,025,600 | ---- | M] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.28 18:48:49 | 000,003,385 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2012.09.27 19:45:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.15 09:04:59 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.13 18:11:25 | 000,504,455 | ---- | C] () -- C:\Users\Johanna\LH_WEBCKI.LI.STANDALONE.aku27xZ3B9qXZPcc2C0x02.pdf
[2012.10.12 17:49:35 | 2950,873,088 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.12 08:37:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.12 08:37:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.12 08:37:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.12 08:37:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.12 08:37:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.10 21:14:50 | 000,015,514 | ---- | C] () -- C:\Users\Johanna\Desktop\Desktop.7z
[2012.10.10 19:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.10.03 11:21:46 | 000,000,838 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
[2012.10.02 20:21:19 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.27 19:45:57 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.27 19:45:57 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 20:13:54 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011.07.28 22:18:17 | 000,001,356 | ---- | C] () -- C:\Users\Johanna\AppData\Local\d3d9caps.dat
[2011.02.21 18:48:45 | 000,064,544 | ---- | C] () -- C:\Users\Johanna\ESt2010_Guenther_Johanna.elfo
[2011.02.02 18:36:54 | 000,001,318 | ---- | C] () -- C:\Users\Johanna\Bildbestellung.html
[2011.01.16 17:51:07 | 000,528,810 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\mdbu.bin
[2011.01.04 17:41:54 | 000,006,926 | ---- | C] () -- C:\Users\Johanna\xx.elfo
[2011.01.04 17:09:36 | 000,006,914 | ---- | C] () -- C:\Users\Johanna\Neuer Versuch.elfo
[2011.01.04 15:57:49 | 000,006,947 | ---- | C] () -- C:\Users\Johanna\xy.elfo
[2010.12.29 17:42:56 | 000,006,936 | ---- | C] () -- C:\Users\Johanna\neu.elfo
[2010.02.03 11:29:38 | 000,079,656 | ---- | C] () -- C:\Users\Johanna\Steuererklärung 2009.elfo
[2009.11.21 12:33:59 | 000,000,600 | ---- | C] () -- C:\Users\Johanna\AppData\Local\PUTTY.RND
[2008.11.17 21:06:40 | 001,272,767 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\UserTile.png
[2008.07.27 17:43:03 | 000,025,600 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 16.10.2012 08:06:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johanna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 61,13% Memory free
5,73 Gb Paging File | 4,40 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 17,28 Gb Free Space | 15,45% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,18 Gb Free Space | 86,65% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNA-PC | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F8AFF-4DB4-42A2-963C-CFD7241A81F6}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe | 
"{02F1B898-FAD2-48D0-A23A-DCF8E4FC33B0}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\http_ss_win_pro.exe | 
"{3DCDB1C0-1626-445F-98C1-6C3EF1D859A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45D37703-D9A4-4240-A611-2EC125D6EB5D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{93AF3ADA-24D0-46D2-B0DE-9EA5ED1E066D}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe | 
"{9A61B122-8FF4-469C-9AF3-187C75EE8D97}" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe | 
"{A2B79F90-F99C-4244-B65D-7F04A987156C}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe | 
"{AD160868-3849-41EA-845A-165ADC241E8B}" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\wiselinkpro.exe | 
"{F1096425-1F70-46DA-A4A2-164CDE6A47BC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"TCP Query User{0FBA5FC0-87AE-47A3-97A8-64FB0CBC1D00}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe | 
"TCP Query User{130E3ABB-4092-4D75-AAE2-242912396E12}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{323883A4-BC79-47F9-845A-1EE380D38F6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{59434B0B-7A12-491A-AFC8-046C87D97339}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{6EF1125B-8A25-41EC-A085-45603AEA1BFA}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
"TCP Query User{85411E5F-A34B-4068-91A7-472345B70179}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{89FD3B1F-F05E-4571-8ACB-295970AB2FE5}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=6 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe | 
"TCP Query User{8FB9B96C-941F-4966-A597-D58AAD11942D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{92BEACB7-EF3C-4309-A39A-4BF3D19C1C7A}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"TCP Query User{C2BF57B3-DFFD-4B41-9FB7-876B77F994CD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C52B0703-73D3-4355-BB4F-397A2A447B7B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{CE797456-0134-4977-884A-116772B9CED0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{125869F3-7255-430A-BF4D-5F63063D15C2}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"UDP Query User{1DDACD49-39B7-4C23-A84F-88A7CB5E51CF}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{20F6C3F5-F8AB-4AFF-83DD-749A06AB125B}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe | 
"UDP Query User{739FFC34-CB9E-4760-A68C-95285D903C6A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{74A55798-9103-49A9-BC1D-A2176DF4BC0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{7D0A442C-B385-4FEE-8AC3-2E05A8FF2BD9}C:\program files\samsung\pc auto backup\autobackup.exe" = protocol=17 | dir=in | app=c:\program files\samsung\pc auto backup\autobackup.exe | 
"UDP Query User{A1C39BFF-5476-4BD2-918F-54B4E6E182E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AB5C633B-D9AF-406D-8165-F19D156D5AB1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B6B4B208-363F-4D60-8B3B-1C4141C4E739}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CDA9DF7F-DAFD-4DC8-B5B0-60DA1F8BDCE7}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
"UDP Query User{E9A2A45C-A9F1-4EDE-B470-23608AEF67CC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{FEB964E3-44EA-4827-89E9-5580AB282073}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082DF5B7-6572-6B88-F9F3-E1A41707F4A7}" = CCC Help Czech
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0EE315C8-0081-8B6B-12AF-D26BBF275A82}" = CCC Help Korean
"{10F29C04-6DFA-65AD-B5AA-744255B4D7C8}" = CCC Help Polish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{287A32EF-A420-6596-ADDA-A9DE9A897796}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE84E70-5E53-C8B0-F423-C6494B4FEBED}" = CCC Help German
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EB709B5-0355-B855-8CC0-00821C49DA8B}" = Catalyst Control Center Localization Dutch
"{2F00CF0D-C670-9BD6-51FD-8DD1A0A42E37}" = Catalyst Control Center Localization Czech
"{2F2BB2EC-8494-3C43-6ABF-FEF5C05F3DA6}" = Catalyst Control Center Localization Polish
"{313EAEC4-F4E1-31B9-4F38-107FF621B31F}" = CCC Help Turkish
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E64DF2-8426-C9E0-2829-5485AB959225}" = Catalyst Control Center Core Implementation
"{3345B08C-5CAF-AF8C-301C-1B159BB51556}" = Catalyst Control Center Localization Japanese
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C25440D-FBA4-A668-D088-26842B689ADB}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DFAF6BC-4FE2-5B0D-1C9B-F2055968277B}" = Catalyst Control Center Localization German
"{3FFE6A7B-13B9-494C-29D7-EB46E9E6646C}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{436B50D2-4CA3-A53D-00CF-482A886A1524}" = CCC Help Finnish
"{46623DE3-FDA8-2141-C951-1A2DFA420D03}" = Skins
"{480F7F23-279B-96A4-FAD2-7014D36B79C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56682EAB-48F1-7187-4F48-1FF9645A1D07}" = Catalyst Control Center Localization Finnish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E031BFC-0827-26D4-FDD3-B8D68472DAE1}" = Catalyst Control Center Localization Portuguese
"{5F29B192-AE83-2636-747D-C5D83E79E8FE}" = Catalyst Control Center Localization Chinese Traditional
"{5FE21275-8D6C-CD0F-5B36-394636C0D264}" = CCC Help Thai
"{6001A55E-2A00-C407-67DB-DCFB3E0CD6F2}" = Catalyst Control Center Graphics Previews Vista
"{6290211A-CB26-FD7E-F214-21B15A5F7C87}" = Catalyst Control Center Localization Korean
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681C334E-6E93-84BF-E371-26109B7BF8B8}" = Catalyst Control Center Localization Italian
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B898739-AE0B-574E-9E7F-DCC7907372A0}" = CCC Help English
"{6B991234-EB5B-4FB3-5873-3946854F0850}" = Catalyst Control Center Localization Hungarian
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79538CDE-83AC-0264-3125-145F33D63B88}" = Catalyst Control Center Graphics Light
"{7A00BF8A-A7E5-D3E0-B17F-06BC5AEC48F6}" = CCC Help Japanese
"{7D97029D-B047-F3A1-D6C0-BFF3647AC943}" = Catalyst Control Center Localization French
"{87009005-9492-1307-F01A-25C1554F4F32}" = ccc-core-static
"{87824C5E-2830-63FC-177E-05E16F55F596}" = CCC Help Swedish
"{8E8FFB67-9316-F95E-969F-402722568272}" = CCC Help Italian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{961DC9E8-DDAF-6271-AD0A-689909295476}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A413023B-583C-4BDD-A639-346B1579DC01}" = Catalyst Control Center Localization Thai
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A54A1F3D-E2E0-C9F9-8112-8F0C5A6B06E0}" = Catalyst Control Center Localization Swedish
"{A5C67209-3FC7-A6FF-F7FB-079586F223CC}" = Catalyst Control Center Localization Danish
"{A7A27439-E5CD-AF54-FD49-8A08354D5122}" = Catalyst Control Center Localization Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AD92E291-E249-4AAD-C8FF-BAF0FC7AFE9C}" = CCC Help Greek
"{B15C935A-8944-937D-6FA4-D69BEFFEA643}" = CCC Help Spanish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7263C56-AED3-3D55-918C-E0BAFCCBF0C7}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB219FC1-008E-7D0D-91A0-CAE6D03DAC8C}" = Catalyst Control Center Localization Norwegian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C550F812-14C4-23F5-F369-6761A9C0E864}" = CCC Help Dutch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CAED2BFB-E4D5-D367-7179-D09E73C85938}" = Catalyst Control Center Localization Greek
"{CAF81DB8-F5DC-DF09-18A6-DD61635305E8}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D4186013-EE74-7570-17D3-38BC3632D51A}" = CCC Help Norwegian
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9CE4019-982E-BF95-18CE-5EBB5D75D939}" = Catalyst Control Center Graphics Full New
"{DDD45306-E4F0-D309-447F-7B1A0F6F9CAB}" = Catalyst Control Center Localization Spanish
"{E28201F3-2C09-FCD1-6934-84A3A9E4F0BF}" = CCC Help Danish
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A7EE8F-94F0-374C-E4F2-B7CDDE56ECA8}" = Catalyst Control Center Graphics Full Existing
"{F790AD19-127F-9BD7-2655-13E3DA0D7BC2}" = ccc-utility
"{FC20E3FB-60DB-8CFB-4649-CB2F2092F6B2}" = CCC Help Hungarian
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"7-Zip" = 7-Zip 9.21beta
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CDex" = CDex extraction audio
"Diablo" = Diablo
"ElsterFormular  ***unknown variable buildnummer***" = ElsterFormular 
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}" = PC Auto Backup
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vokabeltrainer für Windows_is1" = Vokabeltrainer für Windows Version 1.51
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.10.2012 14:16:46 | Computer Name = Johanna-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.10.2012 14:16:47 | Computer Name = Johanna-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.10.2012 14:16:47 | Computer Name = Johanna-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.10.2012 14:16:48 | Computer Name = Johanna-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.10.2012 14:16:48 | Computer Name = Johanna-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.10.2012 16:36:32 | Computer Name = Johanna-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.10.2012 02:45:55 | Computer Name = Johanna-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PEV.exe, Version 0.0.0.0, Zeitstempel 0x4e06cfe8,
 fehlerhaftes Modul PEV.exe, Version 0.0.0.0, Zeitstempel 0x4e06cfe8, Ausnahmecode
 0x40000015, Fehleroffset 0x0008d1c0,  Prozess-ID 0x1390, Anwendungsstartzeit 01cda84539fb48d5.
 
Error - 12.10.2012 08:47:43 | Computer Name = Johanna-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.10.2012 08:50:24 | Computer Name = Johanna-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 16.10.2012 02:06:26 | Computer Name = Johanna-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1210  Anfangszeit: 01cdab64089af6c4  Zeitpunkt der Beendigung:
 16
 
[ OSession Events ]
Error - 07.02.2009 14:45:26 | Computer Name = Johanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2009 18:22:32 | Computer Name = Johanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 130
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2009 18:23:35 | Computer Name = Johanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.10.2012 02:12:52 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 15.10.2012 02:18:05 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 15.10.2012 03:14:57 | Computer Name = Johanna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.10.2012 11:47:28 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.10.2012 11:58:39 | Computer Name = Johanna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.10.2012 12:28:30 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.10.2012 12:35:42 | Computer Name = Johanna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.10.2012 12:54:40 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.10.2012 13:18:26 | Computer Name = Johanna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.10.2012 01:59:19 | Computer Name = Johanna-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Nach dem Deinstallieren von adwcleaner öffnete sich kein weiteres Fenster und es gab auch keinen automatischen Neustart.

Schritt 1: Fix mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3c3c60d0-94b1-4c20-9189-726ed11b9245&searchtype=ds&q={searchTerms}
:Commands
[emptytemp]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: MBAM vollständig


Downloade Dir bitte Malwarebytes

• Installiere das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3: ESET


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56545 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Johanna
->Temp folder emptied: 34979 bytes
->Temporary Internet Files folder emptied: 981422996 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74346208 bytes
->Google Chrome cache emptied: 6994210 bytes
->Flash cache emptied: 223398 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6230 bytes
RecycleBin emptied: 7644960 bytes
 
Total Files Cleaned = 1.021,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_145056

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Johanna :: JOHANNA-PC [Administrator]

16.10.2012 15:02:37
mbam-log-2012-10-16 (15-02-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352355
Laufzeit: 2 Stunde(n), 24 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\Johanna\Desktop\Alte Firefox-Daten\user.js	JS/SecurityDisabler.A.Gen application
C:\Users\Johanna\Downloads\SnapToolbarRemovalTool.exe	probably a variant of Win32/SecurityStronghold application
         

Zitat:

C:\Users\Johanna\Desktop\Alte Firefox-Daten\user.js JS/SecurityDisabler.A.Gen application
C:\Users\Johanna\Downloads\SnapToolbarRemovalTool.exe probably a variant of Win32/SecurityStronghold application
n

Lösche diese beiden Dateien noch über den Explorer!

Ansonsten sind wir durch!



Schritt 1: Java update


Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

• Downloade dir bitte die neueste Java-Version von hier
• Speichere die jxpiinstall.exe
• Schließe alle laufenden Programme, speziell deinen Browser.
• Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version herunterladen.
• Wenn die Installation beendet wurde, gehe zu Start --> Systemsteuerung --> Programme und Funktionen (bzw. Software unter Windows XP) und deinstalliere alle älteren Java Versionen.
• Starte deinen Rechner neu, sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart:

• Öffne erneut die Systemsteuerung --> Programme und Funktionen und klicke auf das Java Symbol.
• Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
• Klicke auf Dateien löschen ....
• Gehe sicher, dass überall ein Haken gesetzt ist und klicke OK.
• Klicke erneut OK.

Schritt 2: Adobe Reader update


Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.

• Lade dir den aktuellen Adobe Reader von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
• Starte die Installation und folge den Anweisungen auf dem Bildschirm.
• Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
• Suche und entferne alle älteren Reader-Versionen.

Schritt 3: Mozilla Firefox update

Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:

• Lade dir den aktuellen Firefox von hier herunter.
• Starte das Setup und folge den Anweisungen auf dem Bildschirm.
• Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
• Entferne alle älteren Firefox-Versionen.
• Melde dich umgehend, falls Schwierigkeiten auftreten.

Schritt 4: Mozilla Thunderbird update


Dein Thunderbird-Mailclient ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:

• Lade dir den aktuellen Thunderbird von hier herunter.
• Starte das Setup und folge den Anweisungen auf dem Bildschirm.
• Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
• Entferne alle älteren Thunderbird-Versionen.
• Melde dich umgehend, falls Schwierigkeiten auftreten.

Defogger re-enable

Starte bitte den Defogger und klicke den re-enable Button




ComboFix

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code: Alles auswählenAufklappen

ATTFilter

Combofix /Uninstall
         

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.




OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.




ComboFix

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Uninstall.
• Bestätige mit Ja.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Antviren-Software

• Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
  Eine Auswahl kostenloser Antivirenprogramme:

• AVG Free Anti-Virus
• Avast! Free Anti-Virus
• Microsoft Security Essentials
  Hinweis:MSE wird auch durch Windows Updates angeboten, falls kein Virenscanner am System erkannt wird

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Hallo Psychotic.
Tausend Dank für deine Hilfe!!!
Es scheint soweit alles normal zu laufen.
DANKE!