Pests of all kinds and how to fight them: Remove zbot trojan with Spybot Search & Destroy? (Windows 7)
If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
22.11.2012, 17:24 | #16
Can not open file... I give up!!!!!!

22.11.2012, 17:27 | #17
/// TB-Ausbilder (TB trainer): OK, let's do it this way ... open the logfile again and look at what is at the very bottom. Below "Scan finished" ... everything that comes after that ... please post it here.
22.11.2012, 17:38 | #18
That's easy:

16:49:17.0094 3480 Detected object count: 0
16:49:17.0094 3480 Actual detected object count: 0
17:01:44.0774 3848 Deinitialize success

And from this morning:

09:30:56.0558 2148 Scan finished
09:30:56.0558 2148 ============================================================
09:30:56.0568 2812 Detected object count: 0
09:30:56.0568 2812 Actual detected object count: 0
09:32:46.0574 1356 Deinitialize success
22.11.2012, 17:43 | #19
/// TB-Ausbilder: Good! Then please run ComboFix now: Scan with ComboFix
__________________
Digital privateers against malware! No help via PM!
22.11.2012, 18:58 | #20
It's another one of those long logs. What do I do with it? >>please don't despair of/with me<<

22.11.2012, 18:59 | #21
There it is
22.11.2012, 20:26 | #22
/// TB-Ausbilder: Well done!
Step 1: Uninstall TuneUp Utilities (Warning: registry cleaners)
Step 2: AdwCleaner: find and delete adware
Step 3: Custom scan with OTL

22.11.2012, 21:12 | #23
# AdwCleaner v2.008 - File created on 22/11/2012 at 21:01:34
# Updated on 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Antje - ANTJE-PC
# Boot mode : Normal
# Running from : C:\Users\Antje\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\Common Files\Plasmoo
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\pc performer manager
Folder Deleted : C:\Users\Antje\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Antje\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Antje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\Conduit
Folder Deleted : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\ConduitEngine
Folder Deleted : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\CT2431245
Folder Deleted : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Deleted : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\extensions\engine@conduit.com
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\prefs.js

C:\Users\Antje\AppData\Roaming\Mozilla\Firefox\Profiles\zq16lyiv.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=[...]
Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Deleted : user_pref("browser.search.order.1", "Claro Search");
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 03 2012 10:10:52 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Mar 03 2012 10:10:52 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "70959fe8-80bb-4c16-aa10-aeee9a0b3349");
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "a8ea5efd0000000000001c6f65d644ef");
Deleted : user_pref("extensions.claro.instlDay", "15666");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "irhnew");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1020:46:56");
Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=[...]

*************************

AdwCleaner[S1].txt - [9214 octets] - [22/11/2012 21:01:34]

########## EOF - C:\AdwCleaner[S1].txt - [9274 octets] ##########

OTL Logfile:
OTL logfile created on: 22.11.2012 21:15:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antje\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,75% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 38,95 Gb Free Space | 49,92% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 202,64 Gb Free Space | 52,28% Space Free | Partition Type: NTFS

Computer Name: ANTJE-PC | User Name: Antje | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Antje\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

========== Modules (No Company Name) ==========

MOD - C:\Users\Antje\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 3B 07 80 F8 0D CB 01 [binary data]
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..\SearchScopes\{B85725A4-D551-4712-AC11-068E1C2661B0}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.22 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 20:47:03 | 000,000,000 | ---D | M]

[2010.06.17 09:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Extensions
[2012.11.22 21:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions
[2012.10.11 06:47:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Antje\AppData\Roaming\mozilla\Firefox\Profiles\zq16lyiv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.22 16:24:10 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.22 16:24:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.22 20:47:01 | 000,002,516 | ---- | M] () -- C:\Users\Antje\AppData\Roaming\mozilla\firefox\profiles\zq16lyiv.default\searchplugins\mngr.xml
[2012.11.22 21:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 06:47:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 06:47:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 06:47:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 06:47:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 06:47:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 06:47:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 06:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.22 18:24:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] D:\Programme\Magix\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-463142111-1004638083-774104450-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-463142111-1004638083-774104450-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D2C341-3BDB-4F5F-9981-DE3C8C39F70C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D81028C0-6161-48CA-9302-9C72401D746A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm 
(Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Claro [2012.11.22 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.22 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\PerformerSoft [2012.11.22 20:46:43 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.11.22 20:45:20 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) 
-- C:\Users\Antje\Desktop\revosetup.exe [2012.11.22 18:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.22 18:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.22 18:15:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.22 18:15:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.22 18:15:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.22 18:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.22 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\ibook [2012.11.21 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Malwarebytes [2012.11.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.21 20:26:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.21 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware [2012.11.15 23:06:45 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.15 23:06:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.15 23:02:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.15 23:02:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.15 23:02:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.15 23:02:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.15 23:02:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.15 23:02:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.15 23:02:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.15 23:02:38 | 000,237,056 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.15 23:02:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.15 23:02:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.15 23:02:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.15 23:02:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.15 23:02:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.15 23:02:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.15 23:02:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.15 23:01:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.15 23:01:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.15 23:01:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.15 23:01:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 21:23:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 21:23:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.13 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\My Digital Editions [2012.11.13 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Local\Kobo [2012.11.13 12:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo [2012.11.13 12:45:41 | 000,000,000 | ---D | C] -- C:\Windows\tmp [2012.11.13 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo [2012.11.11 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender 2013 [2012.11.09 18:16:41 | 
000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender Anke [2012.10.31 16:03:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\GRETECH [2012.10.31 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\GomPlayer [2012.10.31 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2012.10.31 16:01:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.31 16:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\GomPlayer ========== Files - Modified Within 30 Days ========== [2012.11.22 21:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 21:03:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.22 21:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys [2012.11.22 20:45:29 | 000,634,272 | ---- | M] () -- C:\Users\Antje\Desktop\pcp_claro.exe [2012.11.22 20:45:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) 
-- C:\Users\Antje\Desktop\revosetup.exe [2012.11.22 18:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.22 17:03:39 | 000,022,411 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z [2012.11.22 17:03:34 | 000,019,585 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z [2012.11.22 14:26:51 | 000,059,277 | ---- | M] () -- C:\Users\Antje\Desktop\log.7z [2012.11.22 09:17:59 | 000,000,512 | ---- | M] () -- C:\Users\Antje\Desktop\MBR.dat [2012.11.22 09:11:17 | 000,000,020 | ---- | M] () -- C:\Users\Antje\defogger_reenable [2012.11.21 21:55:13 | 000,297,646 | ---- | M] () -- C:\Users\Antje\Desktop\malware.png [2012.11.21 20:26:52 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 20:19:52 | 000,002,060 | ---- | M] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.21 20:19:52 | 000,001,989 | ---- | M] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk [2012.11.20 10:05:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 10:05:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 10:05:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 10:05:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 10:05:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.16 07:44:58 | 000,445,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 13:27:32 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.11.13 12:45:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk [2012.11.08 10:29:56 | 000,534,532 | ---- | M] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf [2012.10.31 16:03:05 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk ========== Files Created - No Company Name 
========== [2012.11.22 20:45:20 | 000,634,272 | ---- | C] () -- C:\Users\Antje\Desktop\pcp_claro.exe [2012.11.22 18:15:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.22 18:15:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.22 18:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.22 18:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.22 18:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.22 17:03:39 | 000,022,411 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z [2012.11.22 17:03:34 | 000,019,585 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z [2012.11.22 14:26:51 | 000,059,277 | ---- | C] () -- C:\Users\Antje\Desktop\log.7z [2012.11.22 09:17:59 | 000,000,512 | ---- | C] () -- C:\Users\Antje\Desktop\MBR.dat [2012.11.22 09:11:17 | 000,000,020 | ---- | C] () -- C:\Users\Antje\defogger_reenable [2012.11.21 21:55:13 | 000,297,646 | ---- | C] () -- C:\Users\Antje\Desktop\malware.png [2012.11.21 20:26:52 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 20:19:52 | 000,002,060 | ---- | C] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.21 20:19:52 | 000,001,989 | ---- | C] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk [2012.11.15 23:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 23:01:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 12:45:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk [2012.11.08 10:29:55 | 000,534,532 | ---- | C] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf [2012.10.31 16:03:05 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012.09.13 10:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.08.28 09:04:34 | 
000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.02.27 10:22:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.02.27 10:22:51 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.20 19:33:21 | 000,012,288 | ---- | C] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.19 14:35:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo [2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre [2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro [2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite [2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ [2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite [2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft [2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape [2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung [2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software [2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- 
< End of report > |
22.11.2012, 21:30 | #24 |
| Remove zbot Trojan with Spybot Search & Destroy? OTL Logfile: Code:
OTL logfile created on: 22.11.2012 21:15:31 - Run 1 OTL by OldTimer - Version 3.2.69.0
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Claro [2012.11.22 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.22 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\PerformerSoft [2012.11.22 20:46:43 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.11.22 20:45:20 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) 
-- C:\Users\Antje\Desktop\revosetup.exe [2012.11.22 18:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.22 18:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.22 18:15:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.22 18:15:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.22 18:15:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.22 18:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.22 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\ibook [2012.11.21 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\Malwarebytes [2012.11.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.21 20:26:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.21 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware [2012.11.15 23:06:45 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.15 23:06:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.15 23:02:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.15 23:02:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.15 23:02:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.15 23:02:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.15 23:02:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.15 23:02:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.15 23:02:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.15 23:02:38 | 000,237,056 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.15 23:02:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.15 23:02:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.15 23:02:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.15 23:02:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.15 23:02:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.15 23:02:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.15 23:02:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.15 23:01:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.15 23:01:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.15 23:01:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.15 23:01:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 21:23:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 21:23:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.13 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\My Digital Editions [2012.11.13 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Local\Kobo [2012.11.13 12:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo [2012.11.13 12:45:41 | 000,000,000 | ---D | C] -- C:\Windows\tmp [2012.11.13 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo [2012.11.11 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender 2013 [2012.11.09 18:16:41 | 
000,000,000 | ---D | C] -- C:\Users\Antje\Desktop\Kalender Anke [2012.10.31 16:03:29 | 000,000,000 | ---D | C] -- C:\Users\Antje\AppData\Roaming\GRETECH [2012.10.31 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\Antje\Documents\GomPlayer [2012.10.31 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2012.10.31 16:01:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.31 16:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\GomPlayer ========== Files - Modified Within 30 Days ========== [2012.11.22 21:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 21:08:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 21:03:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.22 21:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys [2012.11.22 20:45:29 | 000,634,272 | ---- | M] () -- C:\Users\Antje\Desktop\pcp_claro.exe [2012.11.22 20:45:25 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) 
-- C:\Users\Antje\Desktop\revosetup.exe [2012.11.22 18:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.22 17:03:39 | 000,022,411 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z [2012.11.22 17:03:34 | 000,019,585 | ---- | M] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z [2012.11.22 14:26:51 | 000,059,277 | ---- | M] () -- C:\Users\Antje\Desktop\log.7z [2012.11.22 09:17:59 | 000,000,512 | ---- | M] () -- C:\Users\Antje\Desktop\MBR.dat [2012.11.22 09:11:17 | 000,000,020 | ---- | M] () -- C:\Users\Antje\defogger_reenable [2012.11.21 21:55:13 | 000,297,646 | ---- | M] () -- C:\Users\Antje\Desktop\malware.png [2012.11.21 20:26:52 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 20:19:52 | 000,002,060 | ---- | M] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.21 20:19:52 | 000,001,989 | ---- | M] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk [2012.11.20 10:05:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 10:05:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 10:05:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 10:05:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 10:05:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.16 07:44:58 | 000,445,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 13:27:32 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.11.13 12:45:48 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk [2012.11.08 10:29:56 | 000,534,532 | ---- | M] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf [2012.10.31 16:03:05 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk ========== Files Created - No Company Name 
========== [2012.11.22 20:45:20 | 000,634,272 | ---- | C] () -- C:\Users\Antje\Desktop\pcp_claro.exe [2012.11.22 18:15:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.22 18:15:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.22 18:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.22 18:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.22 18:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.22 17:03:39 | 000,022,411 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.7z [2012.11.22 17:03:34 | 000,019,585 | ---- | C] () -- C:\Users\Antje\Desktop\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.7z [2012.11.22 14:26:51 | 000,059,277 | ---- | C] () -- C:\Users\Antje\Desktop\log.7z [2012.11.22 09:17:59 | 000,000,512 | ---- | C] () -- C:\Users\Antje\Desktop\MBR.dat [2012.11.22 09:11:17 | 000,000,020 | ---- | C] () -- C:\Users\Antje\defogger_reenable [2012.11.21 21:55:13 | 000,297,646 | ---- | C] () -- C:\Users\Antje\Desktop\malware.png [2012.11.21 20:26:52 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 20:19:52 | 000,002,060 | ---- | C] () -- C:\Users\Antje\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.11.21 20:19:52 | 000,001,989 | ---- | C] () -- C:\Users\Antje\Desktop\Avira DE-Cleaner.lnk [2012.11.15 23:06:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 23:01:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 12:45:48 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk [2012.11.08 10:29:55 | 000,534,532 | ---- | C] () -- C:\Users\Antje\Desktop\Scan 1 - Antje.pdf [2012.10.31 16:03:05 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012.09.13 10:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.08.28 09:04:34 | 
000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.02.27 10:22:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.02.27 10:22:51 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.20 19:33:21 | 000,012,288 | ---- | C] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.19 14:35:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo [2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre [2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro [2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite [2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ [2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite [2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft [2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape [2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung [2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software [2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- 
C:\Users\Antje\AppData\Roaming\Ubisoft [2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.22 18:24:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.06.17 10:10:56 | 000,000,000 | ---D | M] -- C:\ATI [2012.11.22 20:54:48 | 000,000,000 | ---D | M] -- C:\Config.Msi [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.14 10:50:10 | 000,000,000 | ---D | M] -- C:\found.000 [2012.02.27 10:23:51 | 000,000,000 | ---D | M] -- C:\LGP970 [2010.06.17 10:09:48 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.21 20:26:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.22 20:55:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.22 21:01:35 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.22 18:27:32 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.06.16 22:07:29 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.06.16 22:00:44 | 000,000,000 | ---D | M] -- C:\Recovery [2012.11.22 21:17:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.06.16 22:02:27 | 000,000,000 | R--D | M] -- C:\Users [2012.11.22 21:03:25 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.22 21:01:41 | 000,009,331 | ---- | M] () -- C:\AdwCleaner[S1].txt [2012.11.22 18:27:29 | 000,020,882 | ---- | M] () -- C:\ComboFix.txt [2010.06.16 22:07:50 | 000,000,199 | ---- | M] () -- C:\csb.log [2012.11.22 21:02:56 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys [2010.06.16 22:06:48 | 000,000,086 | ---- | M] () -- C:\Install.log [2006.12.01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2012.11.22 21:02:58 | 2144,919,552 | -HS- | M] () -- C:\pagefile.sys [2010.06.16 22:05:12 | 000,003,232 | ---- | M] () -- C:\RHDSetup.log [2011.08.19 
02:13:20 | 000,000,236 | ---- | M] () -- C:\service.log [2012.11.22 09:32:46 | 000,264,534 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_09.30.06_log.txt [2012.11.22 17:01:44 | 000,134,292 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_22.11.2012_16.48.32_log.txt < %PROGRAMFILES%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %PROGRAMFILES(X86)%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %appdata%\*. > [2010.06.25 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Adobe [2012.07.03 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ashampoo [2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ATI [2010.06.17 10:45:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Avira [2012.11.13 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\calibre [2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro [2010.06.17 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DAEMON Tools Lite [2011.05.30 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.31 16:03:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\GRETECH [2012.04.19 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\ICQ [2010.06.16 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Identities [2010.06.17 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Macromedia [2012.11.21 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Malwarebytes [2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Media Center Programs [2012.11.19 21:23:06 | 000,000,000 | --SD | M] -- C:\Users\Antje\AppData\Roaming\Microsoft [2010.06.17 09:53:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Mozilla [2011.08.26 20:09:28 | 
000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NCH Software [2012.03.14 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Nero [2012.03.14 08:58:30 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\NeroDigital [2011.02.07 15:08:26 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PC Suite [2012.11.22 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PerformerSoft [2011.05.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\PhotoScape [2012.09.13 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Samsung [2012.11.02 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Skype [2012.11.02 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\skypePM [2010.06.17 09:14:28 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\TuneUp Software [2011.10.08 11:32:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Ubisoft [2010.06.17 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Uniblue < %appdata%\*.* > < %localappdata%\*. 
> [2010.06.25 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Adobe [2011.08.21 12:35:10 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AMD [2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Anwendungsdaten [2010.10.10 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\AOL [2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ashampoo [2010.06.16 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ATI [2010.06.17 09:56:02 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Cooliris [2012.11.07 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Diagnostics [2012.09.13 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Downloaded Installations [2012.11.07 23:28:17 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\ElevatedDiagnostics [2012.01.23 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Google [2012.11.13 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Kobo [2011.01.07 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft [2010.08.11 08:01:06 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Games [2010.09.04 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Microsoft Help [2010.06.17 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Mozilla [2012.03.14 09:55:03 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero [2012.03.14 08:56:24 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nero_AG [2010.09.27 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Nokia [2010.09.27 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\NokiaAccount [2012.09.13 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Samsung [2012.11.22 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\Temp [2010.06.16 22:02:27 | 000,000,000 | -HSD | 
M] -- C:\Users\Antje\AppData\Local\Temporary Internet Files [2010.06.16 22:02:27 | 000,000,000 | -HSD | M] -- C:\Users\Antje\AppData\Local\Verlauf [2010.08.10 10:24:40 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Local\VirtualStore < %localappdata%\*.* > [2010.10.20 19:33:32 | 000,012,288 | ---- | M] () -- C:\Users\Antje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.16 07:45:51 | 000,123,424 | ---- | M] () -- C:\Users\Antje\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.22 21:02:04 | 002,283,930 | -H-- | M] () -- C:\Users\Antje\AppData\Local\IconCache.db < %allusersprofile%\*. > [2012.09.17 09:38:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2011.08.21 12:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012.07.03 08:45:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo [2011.08.18 20:54:32 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI [2010.06.17 10:43:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager [2012.10.31 16:01:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2010.06.17 09:41:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2010.08.09 11:31:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios [2012.02.27 14:33:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX [2011.06.18 14:08:45 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2012.11.21 20:26:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2012.11.07 23:26:33 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2010.06.17 10:19:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2012.10.11 06:47:14 | 
000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2011.09.02 20:08:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Software [2012.03.14 08:56:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2010.09.27 20:42:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2010.09.27 20:35:33 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2011.02.07 15:06:18 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2012.09.13 11:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung [2010.06.19 14:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2010.10.31 10:11:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2011.10.08 11:29:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages [2012.11.22 20:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2010.06.17 09:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue [2010.06.16 22:00:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011.09.29 15:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom [2010.06.17 09:13:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} < %allusersprofile%\*.* > [2010.06.19 14:35:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.11.2012 21:15:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Antje\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,75% Memory free 4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 38,95 Gb Free Space | 49,92% Space Free | Partition Type: NTFS Drive D: | 387,64 Gb Total Space | 202,64 Gb Free Space | 52,28% Space Free | Partition Type: NTFS Computer Name: ANTJE-PC | User Name: Antje | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-463142111-1004638083-774104450-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile 
[open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0824C42C-8E24-4531-9DC5-25D736DAB48E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{09A26208-B21B-4A89-8FD6-985C3FE1E3C4}" = rport=10243 | protocol=6 | dir=out | app=system | "{1735E2E8-4139-401C-BAA0-EBAF97065529}" = rport=445 | protocol=6 | dir=out | app=system | "{1ACBE584-8256-4392-9270-3F5CE456BD5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1D5F7234-03AA-4BF0-9EF3-411FBCF1E6B8}" = lport=137 | protocol=17 | dir=in | app=system | "{24B6513B-D50B-4351-9B86-1969E2CE9FD5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2B6BF0C2-6B52-40B7-932E-268E8BE2A271}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FEBBFA2-0FF6-43E9-A614-04DD5C7750C9}" = lport=139 | protocol=6 | dir=in | app=system | "{4F0838DE-110C-41A4-A0E4-67870103AF55}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{55237BE2-1E17-43C2-9F44-0E99402C50E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5AE3D1C6-5765-4C25-B539-51C55175ACAA}" = lport=2869 | protocol=6 | dir=in | app=system | "{63E849D4-7BE4-4D3D-88B2-C2A6ED6C5744}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6420B9F0-4151-4E38-ABC1-67B6939351E0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{64B8BCDE-37AB-4E11-9F4B-5C8855FF6477}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68E09862-611A-4EB9-9D0A-22352BE1ED1A}" = rport=137 | protocol=17 | dir=out | app=system | "{6F0573E5-2EE6-4B87-952D-4D5E5A5FC87C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{707A02E6-F461-4868-926A-B28E12797F9B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{70A17C48-AE92-4286-BE64-9D6DCA549727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{806BEC7B-2888-4D60-AE54-7C297039EAD0}" = lport=445 | protocol=6 | dir=in | app=system | "{812C4388-587B-43F8-8FA1-310B83FB102C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A93FBA8-3F8F-403A-9602-8E3C9CF8077F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8DA0E0FC-4233-42EB-A5D7-D9E77C08E272}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{99484402-23EB-4DDB-95EC-5A143558B627}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9B187241-B5CF-484D-844B-14D78BEFB654}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{B06739DB-8518-4D9E-9103-3BE5BFE56A9F}" = rport=138 | protocol=17 | dir=out | app=system | "{B6A002D7-87EB-4755-AA4F-D00670D7C2AC}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF108933-8DFF-4FA2-BBE0-EC202FA0058B}" = rport=139 | protocol=6 | dir=out | app=system | "{CE38D1B7-FEA4-4E1B-8735-03AE691D7D23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFFF0108-A9FE-428E-A6AA-55F9795CD342}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D50AA45E-6CC5-4A7B-BD55-C56366962467}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F010E866-D7A3-4004-BAD0-1AC4634A6DF0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3481A82-40DA-43EC-AF67-6C444C575858}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F43F7009-1373-48F6-872B-ABCA666BB60B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5FBD221-376B-458C-8D08-5933BF2FD7A8}" = lport=138 | protocol=17 | dir=in | app=system | "{FDD0EEA4-FBD3-4146-8ACA-F060EC74FF32}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D164FD-295F-4E52-950F-0154C0029C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{07687E99-3A34-4961-A230-EC1415327F34}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{15D6D33E-AD86-455B-8B1E-695F32F63670}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{20CCF9B2-4A22-482F-8D35-BE3A66B5F147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2314ADA9-1FBD-4C1F-BD90-2711257818BA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{2A4A8013-72C0-4849-B3D4-FC93B2BC0833}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{326200BE-C820-4D21-92D2-E0DD15E9D08A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{37805025-E3A5-4487-9620-902F289426A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{39F42D38-5EF9-4D68-B932-0059D0FFFB4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3BAEC46E-F709-4F7B-B6C3-698035736E61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3FA0ACB8-2960-4E4A-8558-5500CEB38CC7}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D82D223-9EBF-40DB-B721-182C539B7698}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4F731767-10CB-4A1D-8700-61838679BAD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5050BEA1-676F-4F58-8FFE-4D62DC2F9048}" = protocol=6 | dir=out | app=system | "{549F7521-0D07-4392-BB7B-039FBEA465FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55E7332B-FC43-40D4-A40A-600751BE2CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{5F31C0B4-0B93-4376-B108-B78A49156372}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{629E4A48-95F2-41D6-B627-47C6C6C72614}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{65F5D338-9C3B-47DF-8B68-12AD2334B3FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{68BD04DB-8196-4B33-92C9-19AA52FCEC8A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{6D6825C7-61E6-4A72-8602-AE73AA195DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{6E241698-6D34-40D2-92A2-ADC71A235A09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{769CD8F9-9286-49F4-8056-7E091E9364E0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{7A78F13E-40EF-4B0D-ABD4-71DC97F76F9C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7C389588-AE15-4419-A2B6-0F0A113A9675}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8201D70A-A5D7-4D0A-AAF4-2A158F40EA27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{866CB507-9DE9-4ECA-B053-9E96CDAF6E3C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{96180466-DEB7-4CB2-A8AE-FC93133DB3CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AAF2F33B-2FC3-4D77-B72E-FAFA4414659E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD37E3F9-AE2D-4DBF-B46B-1FFDD707E442}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AF9B9D82-2148-4ADF-92AB-933A8484360D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{BDB3C8B9-C4B4-4176-AEB4-DFC62A2DACAC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{BF46750F-5BAD-43FE-9EF9-E03ABAFCAF84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CA295999-DBB0-4D9B-BD04-0DDEAC9B3639}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{CE866EFA-290B-4CC3-A16F-E969B585C430}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D3DE2EE2-6583-4F52-A7EC-CA6D36F20075}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D6D9C9ED-0CE5-4EE1-896A-63EAD7EDC7EE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{DEE5C1EB-8C82-47DF-B9F6-A190E4190872}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E9B36B56-10D7-4B89-99AC-F5596ECF0DD1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2AFF7F8-E122-4EEF-814E-6BD2DDE238D0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{FB04F13C-D882-4B63-A5AE-FCAABA6FECA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{03809CD7-3B43-4EE7-86E6-302EAF052A54}D:\spiele\civcity\civcity rome.exe" = protocol=6 | dir=in | app=d:\spiele\civcity\civcity rome.exe | "TCP Query User{0D85F48D-C719-4AD3-8284-97763FE48A11}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=6 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | "TCP Query User{1932A6DD-E0F0-43CF-8129-95958E6C454B}D:\spiele\anno1701\anno1701.exe" = protocol=6 | dir=in | 
app=d:\spiele\anno1701\anno1701.exe | "TCP Query User{40DAB15E-D831-4868-856C-201F5F814AA7}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=6 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | "TCP Query User{D5331B2D-08B5-432D-A608-FA9AB3E9F88E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{FE1D9257-16DD-4055-A4F9-00D50605ED1E}D:\spiele\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | "UDP Query User{0F71F858-69C2-4FDA-AE8B-2FDBF42D5766}D:\spiele\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno1701\anno1701.exe | "UDP Query User{1D8EC1F9-C307-451E-A510-9222591480EB}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=17 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | "UDP Query User{3C1BB965-8FFE-4929-BBAE-11DB22D559DB}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{7B92D24B-1AE7-4014-874F-0A24424F6488}D:\spiele\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | "UDP Query User{983FE8CF-26D1-43D8-96D2-3F5D4638BE8D}D:\spiele\civcity\civcity rome.exe" = protocol=17 | dir=in | app=d:\spiele\civcity\civcity rome.exe | "UDP Query User{DFE101C4-4E04-4042-8C47-2CEA27ED04ED}C:\users\antje\appdata\roaming\efukgo\zigefa.exe" = protocol=17 | dir=in | app=c:\users\antje\appdata\roaming\efukgo\zigefa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{36A5281A-B56F-44AA-23F3-0DD2A37B2825}" = AMD Media Foundation Decoders 
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager "{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AFCA7057-581F-9CE2-A1BD-65371995C64F}" = AMD Fuel "{BCC08D47-60ED-FA7F-241B-34BC9947D9FF}" = ccc-utility64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United 
Mobile Driver "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer "{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista "{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{936783CC-73D3-F125-71A4-BC0697B48167}" = CCC Help English "{98890E89-0353-D7BB-594D-26A17055A42B}" = Catalyst Control Center Graphics Previews Common "{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CCF9FABA-FF1F-AA77-60F5-8A6FD53E78E3}" = AMD VISION Engine Control Center
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"GOM Player" = GOM Player
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Kobo" = Kobo
"MAGIX Videos für unterwegs D" = MAGIX Videos für unterwegs 4.0.0.18 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.11.2012 14:35:12 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ea8 Start Time: 01cdbf720a3215a9 Termination Time: 32 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 55b272e7-2b65-11e2-92e2-1c6f65d644ef

Error - 12.11.2012 10:59:40 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6504.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 53c Start Time: 01cdc0e62954e773 Termination Time: 8 Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Report Id: 8b17b502-2cd9-11e2-b778-1c6f65d644ef

Error - 15.11.2012 08:55:14 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 640 Start Time: 01cdc30465edd8e2 Termination Time: 44197 Application Path: C:\Windows\Explorer.EXE Report Id: 93888fe4-2f23-11e2-98a6-1c6f65d644ef

Error - 21.11.2012 16:54:43 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 90c Start Time: 01cdc7dc04a3151e Termination Time: 1803 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 8f574e08-341d-11e2-bc57-1c6f65d644ef

Error - 21.11.2012 16:54:54 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.62.0.140 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 9bc Start Time: 01cdc81e2f7701d1 Termination Time: 125 Application Path: C:\Program Files\Anti-Malware\mbam.exe Report Id: aec2851e-341d-11e2-bc57-1c6f65d644ef

Error - 21.11.2012 16:56:02 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 520 Start Time: 01cdc82a87b644e6 Termination Time: 40 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: d8357dfe-341d-11e2-bc57-1c6f65d644ef

Error - 22.11.2012 09:21:31 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-463142111-1004638083-774104450-1000\$RMM2UY7.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.11.2012 15:44:36 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.11.2012 15:44:40 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.11.2012 15:56:29 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

[ Media Center Events ]
Error - 18.06.2010 13:28:43 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:28:43 - Unable to connect to the Internet. 19:28:43 - Could not connect to server..

Error - 18.06.2010 13:28:52 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:28:48 - Unable to connect to the Internet. 19:28:48 - Could not connect to server..

Error - 21.06.2010 08:19:08 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 14:19:08 - Unable to connect to the Internet. 14:19:08 - Could not connect to server..

Error - 21.06.2010 08:19:42 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 14:19:38 - Unable to connect to the Internet. 14:19:38 - Could not connect to server..

Error - 21.06.2010 09:20:26 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 15:20:26 - Unable to connect to the Internet. 15:20:26 - Could not connect to server..

Error - 21.06.2010 09:20:57 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 15:20:55 - Unable to connect to the Internet. 15:20:55 - Could not connect to server..

Error - 21.06.2010 13:19:17 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:19:17 - Unable to connect to the Internet. 19:19:17 - Could not connect to server..

Error - 21.06.2010 13:19:52 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:19:47 - Unable to connect to the Internet. 19:19:47 - Could not connect to server..

Error - 21.06.2010 14:20:34 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 20:20:34 - Unable to connect to the Internet. 20:20:34 - Could not connect to server..

Error - 21.06.2010 14:21:04 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 20:21:04 - Unable to connect to the Internet. 20:21:04 - Could not connect to server..

[ System Events ]
Error - 21.11.2012 03:19:10 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description =

Error - 21.11.2012 17:17:55 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description =

Error - 22.11.2012 04:11:28 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description =

Error - 22.11.2012 05:12:42 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7034
Description = The "TuneUp Drive Defrag-Dienst" service terminated unexpectedly. It has done this 1 time(s).

Error - 22.11.2012 13:17:07 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7034
Description = The "JMB36X" service terminated unexpectedly. It has done this 1 time(s).

Error - 22.11.2012 13:19:58 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7030
Description = The "PEVSystemStart" service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error - 22.11.2012 13:21:50 | Computer Name = Antje-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 22.11.2012 13:22:34 | Computer Name = Antje-PC | Source = Service Control Manager | ID = 7030
Description = The "PEVSystemStart" service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error - 22.11.2012 13:22:48 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description =

Error - 22.11.2012 16:02:04 | Computer Name = Antje-PC | Source = DCOM | ID = 10010
Description =

[ TuneUp Events ]
Error - 16.01.2012 07:06:47 | Computer Name = Antje-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

And what do you think?!
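Two of the SideBySide entries in the event log above name executables that were started from locations a normally installed program does not run from: one under `C:\$Recycle.Bin\...` and one under the user's Downloads folder. The following script is an added example (not part of the thread and not code from OTL): it parses entries in OTL's "Last 20 Event Log Errors" format, pulls every drive-rooted executable path out of each description, and flags the paths that sit in such locations. The location list is an assumption, and the sample log is constructed to mirror the entries posted above (German-language descriptions work as well, since only the paths are examined).

```python
"""Triage of the "Last 20 Event Log Errors" section of an OTL log.

Added example; not part of the forum thread and not code from OTL.
Entries have the form

    Error - <dd.mm.yyyy hh:mm:ss> | Computer Name = <host> | Source = <src> | ID = <n>
    Description = <free text, possibly spanning several lines>

Every drive-rooted .exe/.dll/.sys/.scr path in a description is extracted and
checked against a list of directories that are unusual launch locations.
The directory list is an assumption; the sample log is constructed.
"""
import re
from dataclasses import dataclass

# One entry: header fields, then the description up to the next header,
# the next "[ ... Events ]" section title, or the end of the report.
ENTRY_RE = re.compile(
    r"Error - (?P<date>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)\s+Description = (?P<desc>.*?)"
    r"(?=Error - \d{2}\.\d{2}\.\d{4}|\[ [A-Za-z ]+ Events \]|< End of report >|\Z)",
    re.S,
)
# A drive-rooted path ending in a PE-style extension; stays on one line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr)\b', re.I)

# Directory fragments (lower-cased) that warrant a closer look. Assumption.
SUSPICIOUS_DIRS = [
    ("\\$recycle.bin\\", "executed from the Recycle Bin"),
    ("\\downloads\\", "executed from a Downloads folder"),
    ("\\temp\\", "executed from a Temp directory"),
    ("\\programdata\\", "executed from ProgramData"),
    ("\\users\\public\\", "executed from the Public profile"),
]


@dataclass
class Finding:
    date: str
    source: str
    event_id: str
    path: str
    reason: str


def parse_entries(log_text):
    """Return one dict (date, host, source, id, desc) per event-log entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]


def classify_path(path):
    """Reason string if the path lives in a suspicious directory, else None."""
    low = path.lower()
    for fragment, reason in SUSPICIOUS_DIRS:
        if fragment in low:
            return reason
    return None


def triage(log_text):
    """Findings for every suspicious executable path mentioned in the log."""
    findings = []
    for entry in parse_entries(log_text):
        for path in PATH_RE.findall(entry["desc"]):
            reason = classify_path(path)
            if reason:
                findings.append(Finding(entry["date"], entry["source"].strip(),
                                        entry["id"], path, reason))
    return findings


# Constructed sample in the format of the log posted above.
SAMPLE_LOG = r"""
Error - 21.11.2012 16:54:43 | Computer Name = Antje-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. Process ID: 90c Start Time: 01cdc7dc04a3151e Termination Time: 1803 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 8f574e08-341d-11e2-bc57-1c6f65d644ef
Error - 22.11.2012 09:21:31 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-463142111-1004638083-774104450-1000\$RMM2UY7.exe". Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 22.11.2012 15:44:36 | Computer Name = Antje-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Antje\Downloads\SoftonicDownloader_fuer_revo-uninstaller.exe". Conflicting components are:.
[ Media Center Events ]
Error - 18.06.2010 13:28:43 | Computer Name = Antje-PC | Source = MCUpdate | ID = 0
Description = 19:28:43 - Unable to connect to the Internet.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.date} {f.source} (ID {f.event_id}): {f.path} -> {f.reason}")
```

Run against the sample it reports the Recycle Bin executable and the Softonic downloader in the Downloads folder, and stays silent on the Firefox hang, whose path is under Program Files. A SideBySide manifest error is not itself malicious, but it is a reliable record that the named binary was executed, which is the useful part when the binary's location is odd.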
22.11.2012, 21:47 | #25 |
/// TB-Ausbilder | Good so far ... now the rest ...
Step 1: Fix with OTL
Step 2: Quick scan with Malwarebytes
Step 3: ESET Online Scanner
Step 4: Java update (Windows XP, Vista, 7). Your Java is no longer current. Older versions contain security holes that malware can exploit.
Step 5: Scan with SecurityCheck. Please download SecurityCheck
Step 6: Control scan with OTL
22.11.2012, 21:53 | #26 |
All processes killed
========== OTL ==========
Prefs.js: "Claro Search" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.order.1
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef" removed from browser.startup.homepage
Prefs.js: "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bd07eb-0ee0-4df0-8121-dc9b693373df}\ not found.
File C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll deleted successfully.
File move failed. c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll scheduled to be moved on reboot.
========== FILES ==========
File\Folder [2012.11.22 20:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager not found.
File\Folder [2012.11.22 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Antje\AppData\Roaming\Claro not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Antje
->Temp folder emptied: 1001002 bytes
->Temporary Internet Files folder emptied: 339569377 bytes
->Java cache emptied: 47782031 bytes
->FireFox cache emptied: 71545777 bytes
->Flash cache emptied: 8839209 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 12703658 bytes
Total Files Cleaned = 493,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11222012_214954
Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll moved successfully.
C:\Users\Antje\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.22.10
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Antje :: ANTJE-PC [Administrator]
22.11.2012 21:54:36
mbam-log-2012-11-22 (21-54-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205787
Time elapsed: 2 minute(s), 50 second(s)
Memory processes detected: 0 (No malicious items detected)
Memory modules detected: 0 (No malicious items detected)
Registry keys detected: 0 (No malicious items detected)
Registry values detected: 0 (No malicious items detected)
Registry data items detected: 0 (No malicious items detected)
Folders detected: 0 (No malicious items detected)
Files detected: 0 (No malicious items detected)
(end)
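The OTL fix above undid two distinct persistence points: the Claro Search hijack of Firefox's default engine, homepage and keyword.URL in prefs.js, and a Browser Manager DLL registered system-wide through the AppInit_DLLs value. The script below is an added example (not code from the thread, from OTL or from Mozilla) that audits both: it parses `user_pref(...)` lines and reports sensitive preferences that point at a host or engine the user did not choose, and it lists every DLL named in an AppInit_DLLs value. The prefs.js excerpt is constructed from the values the fix log reports; the trusted-host and trusted-engine lists are assumptions to be adjusted per user.

```python
"""Audit a Firefox prefs.js and a Windows AppInit_DLLs value for the kind of
browser hijack the OTL fix above removed.

Added example; not code from the forum thread, from OTL or from Mozilla.
TRUSTED_HOSTS / TRUSTED_ENGINES are assumptions, the prefs.js sample is
constructed from the values the fix log reports.
"""
import re
from urllib.parse import urlparse, parse_qsl

# user_pref("name", value);  value is a quoted string, a number or a boolean.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"((?:[^"\\]|\\.)*)"|([^)]+))\);')

# Preferences a search/homepage hijacker typically rewrites.
SENSITIVE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "browser.startup.homepage",
    "keyword.URL",
}
# Hosts and engine names the user is assumed to have picked deliberately.
TRUSTED_HOSTS = {"www.google.de", "www.google.com", "www.bing.com", "duckduckgo.com"}
TRUSTED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Wikipedia (de)"}


def parse_prefs(text):
    """Map preference name -> value (strings unquoted, others as written)."""
    prefs = {}
    for name, quoted, raw in PREF_RE.findall(text):
        prefs[name] = quoted if quoted else raw.strip()
    return prefs


def audit_prefs(text):
    """Return [(pref, value, reason)] for sensitive prefs that look hijacked."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in SENSITIVE_PREFS:
            continue
        if value.lower().startswith(("http://", "https://", "hxxp://")):
            # "hxxp" is the defanged form used in the posted log; undo it for parsing.
            url = urlparse(re.sub(r"^hxxp", "http", value, flags=re.I))
            host = url.hostname or ""
            if host not in TRUSTED_HOSTS:
                reason = f"points at untrusted host {host}"
                aff = dict(parse_qsl(url.query)).get("affID")
                if aff:  # affiliate id: the install was paid for per victim
                    reason += f" (affiliate id {aff})"
                findings.append((name, value, reason))
        elif name.startswith("browser.search.") and value not in TRUSTED_ENGINES:
            findings.append((name, value, f"unknown search engine name {value!r}"))
    return findings


def audit_appinit(value):
    """AppInit_DLLs is empty on a clean install, and every DLL it names is loaded
    into each process that loads user32.dll, so every entry is reported. 8.3
    short names such as progra~3 are reported as written; expanding them needs
    the live file system."""
    findings = []
    for dll in filter(None, re.split(r"[ ,;]+", value.strip())):
        inside = dll.lower().startswith(("c:\\windows\\", "%systemroot%\\"))
        label = ("review: DLL under the Windows directory" if inside
                 else "suspicious: DLL loaded from outside the Windows directory")
        findings.append((dll, label))
    return findings


# Constructed prefs.js excerpt using the values the OTL fix log reports.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.order.1", "Claro Search");
user_pref("browser.search.selectedEngine", "Claro Search");
user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=HP_clro&mntrId=a8ea5efd0000000000001c6f65d644ef");
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114506&tt=4712_7&babsrc=KW_clro&mntrId=a8ea5efd0000000000001c6f65d644ef&q=");
user_pref("browser.startup.page", 1);
user_pref("extensions.lastAppVersion", "12.0");
'''
# The AppInit_DLLs value the fix log shows being deleted.
SAMPLE_APPINIT = r"c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll"

if __name__ == "__main__":
    for pref, value, reason in audit_prefs(SAMPLE_PREFS):
        print(f"prefs.js {pref} = {value!r}: {reason}")
    for dll, label in audit_appinit(SAMPLE_APPINIT):
        print(f"AppInit_DLLs {dll}: {label}")
```

On the sample this reports all five hijacked preferences, including the affiliate id carried in the claro-search URLs, and the mngr.dll entry under ProgramData. On a 64-bit machine the AppInit value exists separately under the Wow6432Node key, so both should be read when reproducing this against a live registry.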
22.11.2012, 22:01 | #27 |
/// TB-Ausbilder | Very diligent and brave! ESET will take a while. We'll talk tomorrow
22.11.2012, 22:23 | #28 |
Interim report
22.11.2012, 22:27 | #29 |
/// TB-Ausbilder | We don't need that ... let it run overnight.
22.11.2012, 22:49 | #30 |
46%, I think I really will leave it running overnight *yawn* Thank you very much so far! (but 11 hits... that scares me all over again)

Results of screen317's Security Check version 0.99.54
Windows 7 x64
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````