Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: zbot Trojaner mit Spybot search & destroy entfernen?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.11.2012, 17:24   #16
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Can not open file...


Ich geb auf!!!!!!

Alt 22.11.2012, 17:27   #17
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



OK machen wir es so ... du öffnest das Logfile nochmal und schaust bitte was ganz unten steht. Unterhalb von "Scan finished" ... alles das was dann noch kommt ... poste mir bitte hier
__________________

__________________

Alt 22.11.2012, 17:38   #18
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Das ist easy:

16:49:17.0094 3480 Detected object count: 0
16:49:17.0094 3480 Actual detected object count: 0
17:01:44.0774 3848 Deinitialize success

Und von heut morgen:

09:30:56.0558 2148 Scan finished
09:30:56.0558 2148 ============================================================
09:30:56.0568 2812 Detected object count: 0
09:30:56.0568 2812 Actual detected object count: 0
09:32:46.0574 1356 Deinitialize success
__________________

Alt 22.11.2012, 17:43   #19
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Gut!

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
Zitat:
WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.11.2012, 18:58   #20
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Ist wieder so ein langer log. Was mach ich damit?

>>bitte verzweifel nicht an/mit mir<<


Alt 22.11.2012, 18:59   #21
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



There it is

Alt 22.11.2012, 20:26   #22
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Gut gemacht!

Schritt 1:
Deinstalliere Tuneup Utilities
Warnung: Registry-Cleaner
Zitat:
Lesestoff:
Registry-Cleaner und temporäre Dateien
Aus deinen Logfiles geht hervor, dass du eines dieser Programme benutzt. Wir empfehlen solche Programme nicht zu benutzen. Die Registrierung ist ein zentraler Bestandteil des Betriebssystems. Löscht ein Registry-Cleaner die falschen Zeilen kann das im schlimmsten Fall dazu führen, dass dein Computer unbootbar wird. Einige verwaiste Registryeinträge sind nicht weiter tragisch und auch die höhere Geschwindigkeit beim Booten ist normalerweise nicht merklich. Das Risiko, dass das Programm dein System "zerstört" ist einfach zu hoch. Ich empfehle dir also dringend, das Programm zu deinstallieren.

Beispielsweise bei CCleaner wird auch eine Funktion angeboten die temporären Dateien zu löschen. Wenn du von der Registrybereinigung die Finger läßt ist gegen den Einsatz von CCleaner nichts zu sagen. Ein alternatives Programm dafür möchte ich dir gerne noch empfehlen: TFC - einfach als Administrator starten und zurücklehnen.
Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 3:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Stelle folgendes ein:
    • Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"
    • Ausgabe: Minimal
    • Benutze SafeList in jedem Feld.
    • Haken bei "Benutze Hersteller-Whitelist"
    • Dateien erstellt und verändert innerhalb Datei-Alter
    • Haken bei LOP Prüfung und Purity Prüfung
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*. 
%appdata%\*.* 
%localappdata%\*. 
%localappdata%\*.*
%allusersprofile%\*. 
%allusersprofile%\*.*
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.11.2012, 21:12   #23
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



# AdwCleaner v2.008 - Datei am 22/11/2012 um 21:01:34 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : Antje - ANTJE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Antje\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Users\Antje\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\Conduit
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\ConduitEngine
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\CT2431245
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gelöscht : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AutocompleteProBHO
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v12.0 (de)

Profilname : default
Datei : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\prefs.js

C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Claro Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 03 2012 10:10:52 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Mar 03 2012 10:10:52 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "70959fe8-80bb-4c16-aa10-aeee9a0b3349");
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "a8ea5efd0000000000001c6f65d644ef");
Gelöscht : user_pref("extensions.claro.instlDay", "15666");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:46:56");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=[...]

*************************

AdwCleaner[S1].txt - [9214 octets] - [22/11/2012 21:01:34]

########## EOF - C:\AdwCleaner[S1].txt - [9274 octets] ##########

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2012 21:15:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antje\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,75% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 38,95 Gb Free Space | 49,92% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 202,64 Gb Free Space | 52,28% Space Free | Partition Type: NTFS
 
Computer Name: ANTJE-PC | User Name: Antje | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Antje\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Antje\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 3B 07 80 F8 0D CB 01  [binary data]
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{B85725A4-D551-4712-AC11-068E1C2661B0}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 20:47:03 | 000,000,000 | ---D | M]
 
[2010.06.17 09:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Extensions
[2012.11.22 21:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions
[2012.10.11 06:47:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.22 16:24:10 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.22 16:24:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.22 20:47:01 | 000,002,516 | ---- | M] () -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\searchplugins\mngr.xml
[2012.11.22 21:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 06:47:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 06:47:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 06:47:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 06:47:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 06:47:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 06:47:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 06:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.22 18:24:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] D:\Programme\Magix\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D2C341-3BDB-4F5F-9981-DE3C8C39F70C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D81028C0-6161-48CA-9302-9C72401D746A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Claro
[2012.11.22 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.22 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2012.11.22 20:46:43 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012.11.22 20:45:20 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Antje\Desktop\revosetup.exe
[2012.11.22 18:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.22 18:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.22 18:15:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.22 18:15:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.22 18:15:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.22 18:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.22 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\ibook
[2012.11.21 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Malwarebytes
[2012.11.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.21 20:26:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.21 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012.11.15 23:06:45 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.15 23:06:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.15 23:02:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.15 23:02:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.15 23:02:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.15 23:02:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.15 23:02:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.15 23:02:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.15 23:02:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.15 23:02:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.15 23:02:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.15 23:02:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.15 23:02:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.15 23:02:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.15 23:02:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.15 23:02:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.15 23:02:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.15 23:01:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.15 23:01:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.15 23:01:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.15 23:01:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 21:23:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 21:23:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.13 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\My Digital Editions
[2012.11.13 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Local\Kobo
[2012.11.13 12:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2012.11.13 12:45:41 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2012.11.13 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo
[2012.11.11 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender 2013
[2012.11.09 18:16:41 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender Anke
[2012.10.31 16:03:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\GRETECH
[2012.10.31 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\GomPlayer
[2012.10.31 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012.10.31 16:01:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.31 16:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\GomPlayer
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 21:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:03:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 21:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.22 20:45:29 | 000,634,272 | ---- | M] () -- C:\Users\Antje\Desktop\pcp_claro.exe
[2012.11.22 20:45:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Antje\Desktop\revosetup.exe
[2012.11.22 18:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.22 17:03:39 | 000,022,411 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z
[2012.11.22 17:03:34 | 000,019,585 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z
[2012.11.22 14:26:51 | 000,059,277 | ---- | M] () -- C:\Users\Antje\Desktop\log.7z
[2012.11.22 09:17:59 | 000,000,512 | ---- | M] () -- C:\Users\Antje\Desktop\MBR.dat
[2012.11.22 09:11:17 | 000,000,020 | ---- | M] () -- C:\Users\Antje\defogger_reenable
[2012.11.21 21:55:13 | 000,297,646 | ---- | M] () -- C:\Users\Antje\Desktop\malware.png
[2012.11.21 20:26:52 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 20:19:52 | 000,002,060 | ---- | M] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.11.21 20:19:52 | 000,001,989 | ---- | M] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk
[2012.11.20 10:05:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 10:05:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 10:05:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 10:05:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 10:05:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.16 07:44:58 | 000,445,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 13:27:32 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.11.13 12:45:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.11.08 10:29:56 | 000,534,532 | ---- | M] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf
[2012.10.31 16:03:05 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.22 20:45:20 | 000,634,272 | ---- | C] () -- C:\Users\Antje\Desktop\pcp_claro.exe
[2012.11.22 18:15:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.22 18:15:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.22 18:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.22 18:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.22 18:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 17:03:39 | 000,022,411 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z
[2012.11.22 17:03:34 | 000,019,585 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z
[2012.11.22 14:26:51 | 000,059,277 | ---- | C] () -- C:\Users\Antje\Desktop\log.7z
[2012.11.22 09:17:59 | 000,000,512 | ---- | C] () -- C:\Users\Antje\Desktop\MBR.dat
[2012.11.22 09:11:17 | 000,000,020 | ---- | C] () -- C:\Users\Antje\defogger_reenable
[2012.11.21 21:55:13 | 000,297,646 | ---- | C] () -- C:\Users\Antje\Desktop\malware.png
[2012.11.21 20:26:52 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 20:19:52 | 000,002,060 | ---- | C] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.11.21 20:19:52 | 000,001,989 | ---- | C] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk
[2012.11.15 23:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 23:01:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 12:45:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.11.08 10:29:55 | 000,534,532 | ---- | C] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf
[2012.10.31 16:03:05 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.09.13 10:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.02.27 10:22:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.02.27 10:22:51 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.20 19:33:21 | 000,012,288 | ---- | C] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 14:35:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo
[2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre
[2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro
[2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite
[2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ
[2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite
[2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape
[2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung
[2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software
[2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ubisoft
[2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.22 18:24:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.17 10:10:56 | 000,000,000 | ---D | M] -- C:\ATI
[2012.11.22 20:54:48 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.14 10:50:10 | 000,000,000 | ---D | M] -- C:\found.000
[2012.02.27 10:23:51 | 000,000,000 | ---D | M] -- C:\LGP970
[2010.06.17 10:09:48 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.21 20:26:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.22 20:55:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.22 21:01:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.22 18:27:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.06.16 22:07:29 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010.06.16 22:00:44 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.22 21:17:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.16 22:02:27 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.22 21:03:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.11.22 21:01:41 | 000,009,331 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.11.22 18:27:29 | 000,020,882 | ---- | M] () -- C:\ComboFix.txt
[2010.06.16 22:07:50 | 000,000,199 | ---- | M] () -- C:\csb.log
[2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.16 22:06:48 | 000,000,086 | ---- | M] () -- C:\Install.log
[2006.12.01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012.11.22 21:02:58 | 2144,919,552 | -HS- | M] () -- C:\pagefile.sys
[2010.06.16 22:05:12 | 000,003,232 | ---- | M] () -- C:\RHDSetup.log
[2011.08.19 02:13:20 | 000,000,236 | ---- | M] () -- C:\service.log
[2012.11.22 09:32:46 | 000,264,534 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.txt
[2012.11.22 17:01:44 | 000,134,292 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.txt
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %PROGRAMFILES(X86)%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %appdata%\*. >
[2010.06.25 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Adobe
[2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo
[2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ATI
[2010.06.17 10:45:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Avira
[2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre
[2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro
[2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite
[2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.31 16:03:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\GRETECH
[2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ
[2010.06.16 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Identities
[2010.06.17 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Macromedia
[2012.11.21 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Media Center Programs
[2012.11.19 21:23:06 | 000,000,000 | --SD | M] -- C:\Users\Antje\AppData\Roaming\Microsoft
[2010.06.17 09:53:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Mozilla
[2011.08.26 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NCH Software
[2012.03.14 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Nero
[2012.03.14 08:58:30 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NeroDigital
[2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite
[2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape
[2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung
[2012.11.02 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Skype
[2012.11.02 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\skypePM
[2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software
[2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ubisoft
[2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue
 
< %appdata%\*.* >
 
< %localappdata%\*. >
[2010.06.25 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Adobe
[2011.08.21 12:35:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AMD
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Anwendungsdaten
[2010.10.10 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AOL
[2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ashampoo
[2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ATI
[2010.06.17 09:56:02 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Cooliris
[2012.11.07 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Diagnostics
[2012.09.13 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Downloaded Installations
[2012.11.07 23:28:17 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ElevatedDiagnostics
[2012.01.23 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Google
[2012.11.13 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Kobo
[2011.01.07 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft
[2010.08.11 08:01:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Games
[2010.09.04 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Help
[2010.06.17 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Mozilla
[2012.03.14 09:55:03 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero
[2012.03.14 08:56:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero_AG
[2010.09.27 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nokia
[2010.09.27 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\NokiaAccount
[2012.09.13 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Samsung
[2012.11.22 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Temp
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Temporary Internet Files
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Verlauf
[2010.08.10 10:24:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2010.10.20 19:33:32 | 000,012,288 | ---- | M] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 07:45:51 | 000,123,424 | ---- | M] () -- C:\Users\Antje\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.22 21:02:04 | 002,283,930 | -H-- | M] () -- C:\Users\Antje\AppData\Local\IconCache.db
 
< %allusersprofile%\*. >
[2012.09.17 09:38:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.08.21 12:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2011.08.18 20:54:32 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2010.06.17 10:43:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2012.10.31 16:01:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010.06.17 09:41:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010.08.09 11:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2012.02.27 14:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2011.06.18 14:08:45 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012.11.21 20:26:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.11.07 23:26:33 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2010.06.17 10:19:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.10.11 06:47:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011.09.02 20:08:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Software
[2012.03.14 08:56:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2010.09.27 20:42:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2010.09.27 20:35:33 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.02.07 15:06:18 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2012.09.13 11:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2010.06.19 14:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.10.31 10:11:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011.10.08 11:29:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2012.11.22 20:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.06.17 09:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.09.29 15:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2010.06.17 09:13:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
 
< %allusersprofile%\*.* >
[2010.06.19 14:35:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

< End of report >
         
--- --- ---

Alt 22.11.2012, 21:30   #24
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2012 21:15:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antje\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,75% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 38,95 Gb Free Space | 49,92% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 202,64 Gb Free Space | 52,28% Space Free | Partition Type: NTFS
 
Computer Name: ANTJE-PC | User Name: Antje | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Antje\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Antje\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 3B 07 80 F8 0D CB 01  [binary data]
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{B85725A4-D551-4712-AC11-068E1C2661B0}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 20:47:03 | 000,000,000 | ---D | M]
 
[2010.06.17 09:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Extensions
[2012.11.22 21:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions
[2012.10.11 06:47:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.22 16:24:10 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.22 16:24:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.22 20:47:01 | 000,002,516 | ---- | M] () -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\searchplugins\mngr.xml
[2012.11.22 21:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 06:47:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 06:47:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 06:47:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 06:47:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 06:47:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 06:47:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 06:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.22 18:24:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] D:\Programme\Magix\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D2C341-3BDB-4F5F-9981-DE3C8C39F70C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D81028C0-6161-48CA-9302-9C72401D746A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Claro
[2012.11.22 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.22 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2012.11.22 20:46:43 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012.11.22 20:45:20 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Antje\Desktop\revosetup.exe
[2012.11.22 18:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.22 18:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.22 18:15:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.22 18:15:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.22 18:15:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.22 18:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.22 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\ibook
[2012.11.21 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Malwarebytes
[2012.11.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.21 20:26:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.21 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012.11.15 23:06:45 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.15 23:06:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.15 23:02:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.15 23:02:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.15 23:02:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.15 23:02:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.15 23:02:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.15 23:02:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.15 23:02:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.15 23:02:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.15 23:02:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.15 23:02:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.15 23:02:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.15 23:02:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.15 23:02:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.15 23:02:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.15 23:02:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.15 23:01:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.15 23:01:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.15 23:01:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.15 23:01:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 21:23:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 21:23:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.13 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\My Digital Editions
[2012.11.13 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Local\Kobo
[2012.11.13 12:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2012.11.13 12:45:41 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2012.11.13 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo
[2012.11.11 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender 2013
[2012.11.09 18:16:41 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender Anke
[2012.10.31 16:03:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\GRETECH
[2012.10.31 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\GomPlayer
[2012.10.31 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012.10.31 16:01:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.31 16:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\GomPlayer
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 21:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:03:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 21:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.22 20:45:29 | 000,634,272 | ---- | M] () -- C:\Users\Antje\Desktop\pcp_claro.exe
[2012.11.22 20:45:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Antje\Desktop\revosetup.exe
[2012.11.22 18:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.22 17:03:39 | 000,022,411 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z
[2012.11.22 17:03:34 | 000,019,585 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z
[2012.11.22 14:26:51 | 000,059,277 | ---- | M] () -- C:\Users\Antje\Desktop\log.7z
[2012.11.22 09:17:59 | 000,000,512 | ---- | M] () -- C:\Users\Antje\Desktop\MBR.dat
[2012.11.22 09:11:17 | 000,000,020 | ---- | M] () -- C:\Users\Antje\defogger_reenable
[2012.11.21 21:55:13 | 000,297,646 | ---- | M] () -- C:\Users\Antje\Desktop\malware.png
[2012.11.21 20:26:52 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 20:19:52 | 000,002,060 | ---- | M] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.11.21 20:19:52 | 000,001,989 | ---- | M] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk
[2012.11.20 10:05:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 10:05:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 10:05:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 10:05:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 10:05:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.16 07:44:58 | 000,445,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 13:27:32 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.11.13 12:45:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.11.08 10:29:56 | 000,534,532 | ---- | M] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf
[2012.10.31 16:03:05 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.22 20:45:20 | 000,634,272 | ---- | C] () -- C:\Users\Antje\Desktop\pcp_claro.exe
[2012.11.22 18:15:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.22 18:15:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.22 18:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.22 18:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.22 18:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.22 17:03:39 | 000,022,411 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z
[2012.11.22 17:03:34 | 000,019,585 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z
[2012.11.22 14:26:51 | 000,059,277 | ---- | C] () -- C:\Users\Antje\Desktop\log.7z
[2012.11.22 09:17:59 | 000,000,512 | ---- | C] () -- C:\Users\Antje\Desktop\MBR.dat
[2012.11.22 09:11:17 | 000,000,020 | ---- | C] () -- C:\Users\Antje\defogger_reenable
[2012.11.21 21:55:13 | 000,297,646 | ---- | C] () -- C:\Users\Antje\Desktop\malware.png
[2012.11.21 20:26:52 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 20:19:52 | 000,002,060 | ---- | C] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.11.21 20:19:52 | 000,001,989 | ---- | C] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk
[2012.11.15 23:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 23:01:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 12:45:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.11.08 10:29:55 | 000,534,532 | ---- | C] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf
[2012.10.31 16:03:05 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.09.13 10:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.02.27 10:22:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.02.27 10:22:51 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.20 19:33:21 | 000,012,288 | ---- | C] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 14:35:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo
[2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre
[2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro
[2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite
[2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ
[2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite
[2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape
[2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung
[2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software
[2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ubisoft
[2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.22 18:24:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.17 10:10:56 | 000,000,000 | ---D | M] -- C:\ATI
[2012.11.22 20:54:48 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.14 10:50:10 | 000,000,000 | ---D | M] -- C:\found.000
[2012.02.27 10:23:51 | 000,000,000 | ---D | M] -- C:\LGP970
[2010.06.17 10:09:48 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.21 20:26:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.22 20:55:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.22 21:01:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.22 18:27:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.06.16 22:07:29 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010.06.16 22:00:44 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.22 21:17:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.16 22:02:27 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.22 21:03:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.11.22 21:01:41 | 000,009,331 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.11.22 18:27:29 | 000,020,882 | ---- | M] () -- C:\ComboFix.txt
[2010.06.16 22:07:50 | 000,000,199 | ---- | M] () -- C:\csb.log
[2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.16 22:06:48 | 000,000,086 | ---- | M] () -- C:\Install.log
[2006.12.01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012.11.22 21:02:58 | 2144,919,552 | -HS- | M] () -- C:\pagefile.sys
[2010.06.16 22:05:12 | 000,003,232 | ---- | M] () -- C:\RHDSetup.log
[2011.08.19 02:13:20 | 000,000,236 | ---- | M] () -- C:\service.log
[2012.11.22 09:32:46 | 000,264,534 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.txt
[2012.11.22 17:01:44 | 000,134,292 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.txt
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %PROGRAMFILES(X86)%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %appdata%\*. >
[2010.06.25 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Adobe
[2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo
[2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ATI
[2010.06.17 10:45:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Avira
[2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre
[2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro
[2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite
[2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.31 16:03:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\GRETECH
[2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ
[2010.06.16 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Identities
[2010.06.17 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Macromedia
[2012.11.21 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Media Center Programs
[2012.11.19 21:23:06 | 000,000,000 | --SD | M] -- C:\Users\Antje\AppData\Roaming\Microsoft
[2010.06.17 09:53:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Mozilla
[2011.08.26 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NCH Software
[2012.03.14 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Nero
[2012.03.14 08:58:30 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NeroDigital
[2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite
[2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft
[2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape
[2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung
[2012.11.02 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Skype
[2012.11.02 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\skypePM
[2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software
[2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ubisoft
[2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue
 
< %appdata%\*.* >
 
< %localappdata%\*. >
[2010.06.25 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Adobe
[2011.08.21 12:35:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AMD
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Anwendungsdaten
[2010.10.10 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AOL
[2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ashampoo
[2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ATI
[2010.06.17 09:56:02 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Cooliris
[2012.11.07 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Diagnostics
[2012.09.13 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Downloaded Installations
[2012.11.07 23:28:17 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ElevatedDiagnostics
[2012.01.23 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Google
[2012.11.13 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Kobo
[2011.01.07 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft
[2010.08.11 08:01:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Games
[2010.09.04 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Help
[2010.06.17 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Mozilla
[2012.03.14 09:55:03 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero
[2012.03.14 08:56:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero_AG
[2010.09.27 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nokia
[2010.09.27 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\NokiaAccount
[2012.09.13 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Samsung
[2012.11.22 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Temp
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Temporary Internet Files
[2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Verlauf
[2010.08.10 10:24:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2010.10.20 19:33:32 | 000,012,288 | ---- | M] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 07:45:51 | 000,123,424 | ---- | M] () -- C:\Users\Antje\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.22 21:02:04 | 002,283,930 | -H-- | M] () -- C:\Users\Antje\AppData\Local\IconCache.db
 
< %allusersprofile%\*. >
[2012.09.17 09:38:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.08.21 12:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2011.08.18 20:54:32 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2010.06.17 10:43:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2012.10.31 16:01:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010.06.17 09:41:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010.08.09 11:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2012.02.27 14:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2011.06.18 14:08:45 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012.11.21 20:26:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.11.07 23:26:33 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2010.06.17 10:19:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.10.11 06:47:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011.09.02 20:08:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Software
[2012.03.14 08:56:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2010.09.27 20:42:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2010.09.27 20:35:33 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.02.07 15:06:18 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2012.09.13 11:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2010.06.19 14:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.10.31 10:11:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011.10.08 11:29:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2012.11.22 20:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.06.17 09:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.09.29 15:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2010.06.17 09:13:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
 
< %allusersprofile%\*.* >
[2010.06.19 14:35:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2012 21:15:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antje\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,75% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 38,95 Gb Free Space | 49,92% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 202,64 Gb Free Space | 52,28% Space Free | Partition Type: NTFS
 
Computer Name: ANTJE-PC | User Name: Antje | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0824C42C-8E24-4531-9DC5-25D736DAB48E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{09A26208-B21B-4A89-8FD6-985C3FE1E3C4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1735E2E8-4139-401C-BAA0-EBAF97065529}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1ACBE584-8256-4392-9270-3F5CE456BD5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1D5F7234-03AA-4BF0-9EF3-411FBCF1E6B8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24B6513B-D50B-4351-9B86-1969E2CE9FD5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2B6BF0C2-6B52-40B7-932E-268E8BE2A271}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FEBBFA2-0FF6-43E9-A614-04DD5C7750C9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F0838DE-110C-41A4-A0E4-67870103AF55}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{55237BE2-1E17-43C2-9F44-0E99402C50E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AE3D1C6-5765-4C25-B539-51C55175ACAA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{63E849D4-7BE4-4D3D-88B2-C2A6ED6C5744}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6420B9F0-4151-4E38-ABC1-67B6939351E0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{64B8BCDE-37AB-4E11-9F4B-5C8855FF6477}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68E09862-611A-4EB9-9D0A-22352BE1ED1A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6F0573E5-2EE6-4B87-952D-4D5E5A5FC87C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{707A02E6-F461-4868-926A-B28E12797F9B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{70A17C48-AE92-4286-BE64-9D6DCA549727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{806BEC7B-2888-4D60-AE54-7C297039EAD0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{812C4388-587B-43F8-8FA1-310B83FB102C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A93FBA8-3F8F-403A-9602-8E3C9CF8077F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DA0E0FC-4233-42EB-A5D7-D9E77C08E272}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{99484402-23EB-4DDB-95EC-5A143558B627}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B187241-B5CF-484D-844B-14D78BEFB654}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{B06739DB-8518-4D9E-9103-3BE5BFE56A9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B6A002D7-87EB-4755-AA4F-D00670D7C2AC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BF108933-8DFF-4FA2-BBE0-EC202FA0058B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CE38D1B7-FEA4-4E1B-8735-03AE691D7D23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFFF0108-A9FE-428E-A6AA-55F9795CD342}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D50AA45E-6CC5-4A7B-BD55-C56366962467}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F010E866-D7A3-4004-BAD0-1AC4634A6DF0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3481A82-40DA-43EC-AF67-6C444C575858}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F43F7009-1373-48F6-872B-ABCA666BB60B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5FBD221-376B-458C-8D08-5933BF2FD7A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FDD0EEA4-FBD3-4146-8ACA-F060EC74FF32}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D164FD-295F-4E52-950F-0154C0029C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{07687E99-3A34-4961-A230-EC1415327F34}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{15D6D33E-AD86-455B-8B1E-695F32F63670}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{20CCF9B2-4A22-482F-8D35-BE3A66B5F147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2314ADA9-1FBD-4C1F-BD90-2711257818BA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{2A4A8013-72C0-4849-B3D4-FC93B2BC0833}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{326200BE-C820-4D21-92D2-E0DD15E9D08A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{37805025-E3A5-4487-9620-902F289426A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{39F42D38-5EF9-4D68-B932-0059D0FFFB4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3BAEC46E-F709-4F7B-B6C3-698035736E61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FA0ACB8-2960-4E4A-8558-5500CEB38CC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D82D223-9EBF-40DB-B721-182C539B7698}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4F731767-10CB-4A1D-8700-61838679BAD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5050BEA1-676F-4F58-8FFE-4D62DC2F9048}" = protocol=6 | dir=out | app=system | 
"{549F7521-0D07-4392-BB7B-039FBEA465FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55E7332B-FC43-40D4-A40A-600751BE2CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{5F31C0B4-0B93-4376-B108-B78A49156372}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{629E4A48-95F2-41D6-B627-47C6C6C72614}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{65F5D338-9C3B-47DF-8B68-12AD2334B3FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{68BD04DB-8196-4B33-92C9-19AA52FCEC8A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{6D6825C7-61E6-4A72-8602-AE73AA195DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{6E241698-6D34-40D2-92A2-ADC71A235A09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{769CD8F9-9286-49F4-8056-7E091E9364E0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{7A78F13E-40EF-4B0D-ABD4-71DC97F76F9C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C389588-AE15-4419-A2B6-0F0A113A9675}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8201D70A-A5D7-4D0A-AAF4-2A158F40EA27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{866CB507-9DE9-4ECA-B053-9E96CDAF6E3C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96180466-DEB7-4CB2-A8AE-FC93133DB3CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AAF2F33B-2FC3-4D77-B72E-FAFA4414659E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD37E3F9-AE2D-4DBF-B46B-1FFDD707E442}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF9B9D82-2148-4ADF-92AB-933A8484360D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{BDB3C8B9-C4B4-4176-AEB4-DFC62A2DACAC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{BF46750F-5BAD-43FE-9EF9-E03ABAFCAF84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CA295999-DBB0-4D9B-BD04-0DDEAC9B3639}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{CE866EFA-290B-4CC3-A16F-E969B585C430}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3DE2EE2-6583-4F52-A7EC-CA6D36F20075}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{D6D9C9ED-0CE5-4EE1-896A-63EAD7EDC7EE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{DEE5C1EB-8C82-47DF-B9F6-A190E4190872}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9B36B56-10D7-4B89-99AC-F5596ECF0DD1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2AFF7F8-E122-4EEF-814E-6BD2DDE238D0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{FB04F13C-D882-4B63-A5AE-FCAABA6FECA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{03809CD7-3B43-4EE7-86E6-302EAF052A54}D:\spiele\civcity\civcity rome.exe" = protocol=6 | dir=in | app=d:\spiele\civcity\civcity rome.exe | 
"TCP Query User{0D85F48D-C719-4AD3-8284-97763FE48A11}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=6 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | 
"TCP Query User{1932A6DD-E0F0-43CF-8129-95958E6C454B}D:\spiele\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno1701\anno1701.exe | 
"TCP Query User{40DAB15E-D831-4868-856C-201F5F814AA7}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=6 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | 
"TCP Query User{D5331B2D-08B5-432D-A608-FA9AB3E9F88E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{FE1D9257-16DD-4055-A4F9-00D50605ED1E}D:\spiele\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"UDP Query User{0F71F858-69C2-4FDA-AE8B-2FDBF42D5766}D:\spiele\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno1701\anno1701.exe | 
"UDP Query User{1D8EC1F9-C307-451E-A510-9222591480EB}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=17 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | 
"UDP Query User{3C1BB965-8FFE-4929-BBAE-11DB22D559DB}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{7B92D24B-1AE7-4014-874F-0A24424F6488}D:\spiele\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"UDP Query User{983FE8CF-26D1-43D8-96D2-3F5D4638BE8D}D:\spiele\civcity\civcity rome.exe" = protocol=17 | dir=in | app=d:\spiele\civcity\civcity rome.exe | 
"UDP Query User{DFE101C4-4E04-4042-8C47-2CEA27ED04ED}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=17 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{36A5281A-B56F-44AA-23F3-0DD2A37B2825}" = AMD Media Foundation Decoders
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager
"{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AFCA7057-581F-9CE2-A1BD-65371995C64F}" = AMD Fuel
"{BCC08D47-60ED-FA7F-241B-34BC9947D9FF}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{936783CC-73D3-F125-71A4-BC0697B48167}" = CCC Help English
"{98890E89-0353-D7BB-594D-26A17055A42B}" = Catalyst Control Center Graphics Previews Common
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CCF9FABA-FF1F-AA77-60F5-8A6FD53E78E3}" = AMD VISION Engine Control Center
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"GOM Player" = GOM Player
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Kobo" = Kobo
"MAGIX Videos für unterwegs D" = MAGIX Videos für unterwegs 4.0.0.18 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.11.2012 14:35:12 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ea8    Startzeit: 
01cdbf720a3215a9    Endzeit: 32    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 55b272e7-2b65-11e2-92e2-1c6f65d644ef  
 
Error - 12.11.2012 10:59:40 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6504.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 53c    Startzeit: 01cdc0e62954e773    Endzeit: 8    Anwendungspfad: C:\Program
 Files (x86)\Microsoft Office\Office12\WINWORD.EXE    Berichts-ID: 8b17b502-2cd9-11e2-b778-1c6f65d644ef

 
Error - 15.11.2012 08:55:14 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 640    Startzeit: 01cdc30465edd8e2    Endzeit: 44197    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 93888fe4-2f23-11e2-98a6-1c6f65d644ef  
 
Error - 21.11.2012 16:54:43 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 90c    Startzeit: 
01cdc7dc04a3151e    Endzeit: 1803    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8f574e08-341d-11e2-bc57-1c6f65d644ef  
 
Error - 21.11.2012 16:54:54 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.140 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9bc    Startzeit: 
01cdc81e2f7701d1    Endzeit: 125    Anwendungspfad: C:\Program Files\Anti-Malware\mbam.exe

Berichts-ID:
 aec2851e-341d-11e2-bc57-1c6f65d644ef  
 
Error - 21.11.2012 16:56:02 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 520    Startzeit: 
01cdc82a87b644e6    Endzeit: 40    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 d8357dfe-341d-11e2-bc57-1c6f65d644ef  
 
Error - 22.11.2012 09:21:31 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-463142111-1004638083-774104450-1000\$RMM2UY7.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 22.11.2012 15:44:36 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 22.11.2012 15:44:40 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 22.11.2012 15:56:29 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
[ Media Center Events ]
Error - 18.06.2010 13:28:43 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:28:43 - Fehler beim Herstellen der Internetverbindung.  19:28:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.06.2010 13:28:52 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:28:48 - Fehler beim Herstellen der Internetverbindung.  19:28:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 08:19:08 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 14:19:08 - Fehler beim Herstellen der Internetverbindung.  14:19:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 08:19:42 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 14:19:38 - Fehler beim Herstellen der Internetverbindung.  14:19:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 09:20:26 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 15:20:26 - Fehler beim Herstellen der Internetverbindung.  15:20:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 09:20:57 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 15:20:55 - Fehler beim Herstellen der Internetverbindung.  15:20:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 13:19:17 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:19:17 - Fehler beim Herstellen der Internetverbindung.  19:19:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 13:19:52 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:19:47 - Fehler beim Herstellen der Internetverbindung.  19:19:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 14:20:34 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 20:20:34 - Fehler beim Herstellen der Internetverbindung.  20:20:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.06.2010 14:21:04 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 20:21:04 - Fehler beim Herstellen der Internetverbindung.  20:21:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 21.11.2012 03:19:10 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.11.2012 17:17:55 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.11.2012 04:11:28 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.11.2012 05:12:42 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Drive Defrag-Dienst" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 22.11.2012 13:17:07 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "JMB36X" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 22.11.2012 13:19:58 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 22.11.2012 13:21:50 | Computer Name = Antje-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.11.2012 13:22:34 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 22.11.2012 13:22:48 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.11.2012 16:02:04 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description = 
 
[ TuneUp Events ]
Error - 16.01.2012 07:06:47 | Computer Name = Antje-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

Und was meinst?!

Alt 22.11.2012, 21:47   #25
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Gut soweit ... Rest noch ...

Schritt 1:
Fix mit OTL

Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef"
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q="
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()

:files
[2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro

:commands
[Emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.


Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

ESET Online Scanner

Zitat:
Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten!
Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

  • Bitte hier klicken --->
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden, installieren und starten.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use/Ja, ich stimme ... zu und drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives/Archive prüfen" und entferne den Haken bei Remove Found Threads/Entdeckte Bedrohungen entfernen.
  • drücken. Die Signaturen werden herunter geladen und der Scan beginnt automatisch und kann sehr lange dauern!

Wenn der Scan beendet wurde
  • Klicke und dann
  • Speichere das Logfile als ESET.txt auf dem Desktop.
  • Klicke Back und Finish

Bitte poste die ESET.txt hier oder teile mir mit, dass nichts gefunden wurde.
Schritt 4:
Java Update (Windows XP, Vista, 7)
Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version und speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 9) herunter laden.
  • Während der Installation entferne den Haken bei:

Wenn die Installation beendet wurde:
  • Start > Systemsteuerung > Programme und deinstalliere alle älteren Java Versionen, falls vorhanden, und starte deinen Rechner neu.

Nach dem Neustart:
  • Öffne erneut die Systemsteuerung > Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen...
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke zweimal OK.
Schritt 5:

Scan mit SecurityCheck
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.
Schritt 6:
Kontrollscan mit OTL

  • Starte bitte OTL.exe - falls noch nicht vorhanden: LINK
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.

__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.11.2012, 21:53   #26
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



All processes killed
========== OTL ==========
Prefs.js: "Claro Search" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.order.1
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef" removed from browser.startup.homepage
Prefs.js: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bd07eb-0ee0-4df0-8121-dc9b693373df}\ not found.
File C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll deleted successfully.
File move failed. c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll scheduled to be moved on reboot.
========== FILES ==========
File\Folder [2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager not found.
File\Folder [2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Antje
->Temp folder emptied: 1001002 bytes
->Temporary Internet Files folder emptied: 339569377 bytes
->Java cache emptied: 47782031 bytes
->FireFox cache emptied: 71545777 bytes
->Flash cache emptied: 8839209 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 12703658 bytes

Total Files Cleaned = 493,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11222012_214954

Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll moved successfully.
C:\Users\Antje\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.22.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Antje :: ANTJE-PC [Administrator]

22.11.2012 21:54:36
mbam-log-2012-11-22 (21-54-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205787
Laufzeit: 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 22.11.2012, 22:01   #27
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Ganz fleissig und tapfer! ESET wird etwas dauern. Wir lesen uns morgen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.11.2012, 22:23   #28
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Zwischenbericht
Angehängte Grafiken
Dateityp: jpg ping.jpg (38,7 KB, 138x aufgerufen)

Alt 22.11.2012, 22:27   #29
ryder
/// TB-Ausbilder
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



Brauchen wir nicht ... lass es die nacht laufen.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.11.2012, 22:49   #30
filinchen200
 
zbot Trojaner mit Spybot search & destroy entfernen? - Standard

zbot Trojaner mit Spybot search & destroy entfernen?



46% glaub ich lass ihn wirklich die Nacht an *gähn*
Danke Dir erst mal ganz arg bis dato!

(aber 11 Funde...macht mir schon wieder Angst)

Results of screen317's Security Check version 0.99.54
Windows 7 x64
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Antwort

Themen zu zbot Trojaner mit Spybot search & destroy entfernen?
beseitigen, destroy, entferne, entfernen, komplette, malewarebytes, neu, search, spybot, troja, trojaner, trojaner zbot, zbot, zbot trojaner




Ähnliche Themen: zbot Trojaner mit Spybot search & destroy entfernen?


  1. Spybot - Search and Destroy läßt sich nicht vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.04.2014 (9)
  2. win32downloader.gen von Spybot Search&Destroy erkannt - Wie am besten entfernen?
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (1)
  3. Weißer Bildschirm Trojaner - Spybot Search and Destroy geholfen oder nicht
    Log-Analyse und Auswertung - 01.11.2012 (12)
  4. Spybot-Search & Destroy hat ein Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (4)
  5. SpyBot - Search & Destroy und Avira AntiVir
    Antiviren-, Firewall- und andere Schutzprogramme - 27.01.2010 (3)
  6. Spybot Search & Destroy Echtzeitschutz?
    Antiviren-, Firewall- und andere Schutzprogramme - 18.10.2009 (5)
  7. Spybot Search & Destroy
    Anleitungen, FAQs & Links - 29.10.2008 (2)
  8. Meldung von Spybot - Search & Destroy
    Plagegeister aller Art und deren Bekämpfung - 09.11.2007 (3)
  9. Spybot Search & Destroy + Antivir
    Antiviren-, Firewall- und andere Schutzprogramme - 10.10.2007 (5)
  10. Spybot-Search and Destroy-Fehler
    Antiviren-, Firewall- und andere Schutzprogramme - 27.08.2007 (1)
  11. Logfile von Spybot - Search & Destroy
    Log-Analyse und Auswertung - 17.02.2006 (4)
  12. Spybot - Search & Destroy
    Plagegeister aller Art und deren Bekämpfung - 03.06.2005 (6)
  13. Spybot Search & Destroy 1.4
    Antiviren-, Firewall- und andere Schutzprogramme - 01.06.2005 (5)
  14. Spybot Search & Destroy
    Plagegeister aller Art und deren Bekämpfung - 11.11.2004 (3)
  15. SpyBot Search & Destroy V1.3.1 TX
    Antiviren-, Firewall- und andere Schutzprogramme - 04.11.2004 (14)
  16. SpyBot Search & Destroy V1.3.1 TX II
    Antiviren-, Firewall- und andere Schutzprogramme - 29.10.2004 (2)
  17. Spybot - search and destroy
    Antiviren-, Firewall- und andere Schutzprogramme - 20.08.2004 (5)

Zum Thema zbot Trojaner mit Spybot search & destroy entfernen? - Can not open file... Ich geb auf!!!!!! - zbot Trojaner mit Spybot search & destroy entfernen?...
Archiv
Du betrachtest: zbot Trojaner mit Spybot search & destroy entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.