Pests of all kinds and how to fight them: Firefox default search Google does not work (Windows 7)
16.01.2013, 17:35 | #1 |
Firefox default search Google does not work

Hello, I don't know, but it seems as if we have a worm or something else on a laptop. When you type something into the search on the Google page and want to run the search, nothing happens; the search is not executed. The Google search only works when you enter it at the top next to the address bar!

OTL log:
Code:
ATTFilter OTL logfile created on: 16.01.2013 15:26:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M.... ...e\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 36,57% Memory free 3,87 Gb Paging File | 2,16 Gb Available in Paging File | 55,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 391,54 Gb Total Space | 247,31 Gb Free Space | 63,16% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 478,97 Gb Free Space | 98,09% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 294,20 Gb Free Space | 98,70% Space Free | Partition Type: NTFS Computer Name: M......E-PC | User Name: M.... ...e | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\M.... ...e\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Digital Dynamic\Advanced Backup Manager\backupsvc.exe (Digital Dynamic) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH) PRC - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) PRC - C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo ) PRC - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo) PRC - C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe () PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\11.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\6.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\3.mdd () MOD - 
C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\5.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\10.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\9.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\4.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\7.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\0.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\2.mdd () MOD - C:\Users\M.....T~1\AppData\Local\Temp\wrd10004.~lk\1.mdd () MOD - C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - c:\progra~2\saveas\sprote~1.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll () MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program 
Files\TwonkyMedia\MediaManager\renderer.dll () MOD - C:\Program Files\TwonkyMedia\MediaManager\controlpoint.dll () MOD - C:\Program Files\TwonkyMedia\MediaManager\cplisc.dll () ========== Services (SafeList) ========== SRV - (backupsvc) -- C:\Program Files\Digital Dynamic\Advanced Backup Manager\backupsvc.exe (Digital Dynamic) SRV - (updatesvca) -- C:\Windows\System32\updatesvca.dll (Digital Dynamic) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender) SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TwonkyMedia) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4\RpcAgentSrv.exe (SiSoftware) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VirtualImDisk) -- C:\Windows\System32\drivers\virtualimdisk.sys (Olof Lagerkvist) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender) DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.) 
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender) DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender) DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC) DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL) DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC) DRV - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys (BitDefender LLC) DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4\WNt500x86\Sandra.sys (SiSoftware) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 FD 96 47 12 59 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
========== FireFox ========== FF - prefs.js..CT3272810.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US New E1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=3&q={searchTerms}&CUI=UN16704135536850312" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B25A1388B-6B18-46c3-BEBA-A81915D0DE8F%7D:1.7.8.3 FF - prefs.js..extensions.enabledAddons: %7BC9B68337-E93A-44EA-94DC-CB300EC06444%7D:4.22.0 FF - prefs.js..extensions.enabledAddons: %7Ba1e75a0e-4397-4ba8-bb50-e19fb66890f4%7D:3.16.0.100 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4 FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CUI=UN16704135536850312&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program 
Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2013.01.15 11:29:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.26 19:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.01.15 11:46:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\7c32lzmq.default\extensions\extension@preispilot.com [2013.01.16 14:53:56 | 000,000,000 | ---D | M] [2011.08.12 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Extensions [2013.01.16 15:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions [2013.01.12 20:05:14 | 000,000,000 | ---D | M] (WhiteSmoke US New E1) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a} [2013.01.12 20:06:18 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f1b79fabf28@50f1b79fabf62.com [2013.01.13 06:41:46 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f24c8915435@50f24c891546d.com [2012.10.15 07:27:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\M.... 
...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.01.16 14:53:56 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\extension@preispilot.com [2013.01.16 11:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\trash [2013.01.16 14:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\extension@preispilot.com\chrome [2012.09.13 05:00:34 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\extensions\testpilot@labs.mozilla.com.xpi [2013.01.10 06:27:24 | 000,516,839 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012.11.01 08:29:06 | 000,491,173 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2012.11.23 12:26:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.10 06:27:24 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.01.16 14:54:53 | 000,001,221 | ---- | M] () -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\7c32lzmq.default\searchplugins\conduit.xml [2011.08.13 18:38:18 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - Extension: SaveAs = C:\Users\M.... 
...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikdcibhllfknebanabljllcnkmjloac\1\ CHR - Extension: SaveAs = C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdgaennipccbapackpoleglfofpacdd\1\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (SaveAs) - {81BE7674-E58B-74A8-5D89-0C67E2261A38} - C:\ProgramData\SaveAs\50f1b79fac0bb.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\M.... 
...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vodafone Media Manager.lnk = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0921659C-F994-4ECB-9F3E-DD89537F1F46}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1EAD508-83B9-4FE9-8E1E-A5411B620ADE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2D47EBD-9378-4D70-A0CB-E1B2A352771B}: NameServer = 192.168.5.1,192.168.5.3 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~2\saveas\sprote~1.dll) - c:\progra~2\saveas\sprote~1.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.16 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPUCooL [2013.01.16 16:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\CPUCooL [2013.01.16 15:10:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2013.01.16 14:54:55 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Opera [2013.01.16 14:53:58 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2013.01.16 14:53:53 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\OCS [2013.01.16 14:53:37 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\DesktopIconForAmazon [2013.01.16 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Documents\LocaleMetaData [2013.01.15 13:47:26 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Malwarebytes [2013.01.15 13:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.15 13:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.15 13:47:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.15 13:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.15 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\M.... 
...e\AppData\Local\Programs [2013.01.15 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Dynamic [2013.01.15 13:04:50 | 000,034,448 | ---- | C] (Olof Lagerkvist) -- C:\Windows\System32\drivers\virtualimdisk.sys [2013.01.15 13:04:49 | 000,177,664 | ---- | C] (Digital Dynamic) -- C:\Windows\System32\updatesvca.dll [2013.01.15 13:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Dynamic [2013.01.15 13:02:13 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Desktop\Logfiles [2013.01.15 12:41:42 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.01.15 11:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013.01.15 11:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.01.15 11:46:37 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll [2013.01.15 11:46:37 | 000,077,192 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys [2013.01.15 11:46:37 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys [2013.01.15 11:46:33 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll [2013.01.15 11:46:23 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys [2013.01.15 11:46:22 | 000,481,464 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013.01.15 11:46:21 | 000,622,616 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013.01.15 11:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.01.15 11:39:28 | 000,161,312 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys [2013.01.15 11:39:13 | 000,343,456 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2013.01.15 11:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013.01.15 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\BitDefender [2013.01.12 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.12 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloud Software LTD [2013.01.12 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\SwvUpdater [2013.01.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\SaveAs [2013.01.12 19:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs [2013.01.12 19:59:36 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\Google [2013.01.12 19:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.01.11 07:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10 [2013.01.09 18:15:09 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.01.09 18:15:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.01.09 18:15:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.09 18:15:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 18:15:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 18:15:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 18:15:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 18:15:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.09 18:15:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 18:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 18:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 18:15:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 18:15:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.09 18:12:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 18:08:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013.01.09 18:08:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013.01.09 18:08:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013.01.09 18:08:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013.01.09 18:08:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013.01.09 18:08:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013.01.09 18:07:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.01.09 18:07:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013.01.09 18:07:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013.01.09 18:07:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013.01.09 18:07:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013.01.09 18:07:58 | 000,308,736 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013.01.09 18:07:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2013.01.09 18:07:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013.01.09 18:07:55 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013.01.09 18:07:55 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013.01.09 18:07:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.09 18:02:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2012.12.22 03:03:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 03:03:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.19 21:10:30 | 000,000,000 | -HSD | C] -- C:\found.002 [2011.09.28 07:53:06 | 002,750,912 | ---- | C] (J3S GmbH) -- C:\Users\M.... ...e\COMPUTERBILD App-Center-Installation.exe ========== Files - Modified Within 30 Days ========== [2013.01.16 16:21:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.16 16:01:02 | 000,000,993 | ---- | M] () -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk [2013.01.16 16:00:59 | 000,000,953 | ---- | M] () -- C:\Users\M.... 
...e\Desktop\CPUCooL.lnk [2013.01.16 15:15:17 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 15:15:17 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 15:11:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.16 15:11:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.16 15:11:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.16 15:11:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.16 15:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.16 15:06:08 | 1558,056,960 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 14:52:04 | 000,001,645 | ---- | M] () -- C:\Users\M.... ...e\Desktop\licensecrawler_v0125298.exe - Verknüpfung.lnk [2013.01.16 11:52:20 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.16 11:51:56 | 000,001,459 | ---- | M] () -- C:\Users\M.... ...e\Desktop\OTL.exe - Verknüpfung.lnk [2013.01.16 11:14:27 | 001,118,208 | ---- | M] () -- C:\Users\M.... ...e\Documents\Bootzeitprotokoll.evtx [2013.01.15 13:04:50 | 000,034,448 | ---- | M] (Olof Lagerkvist) -- C:\Windows\System32\drivers\virtualimdisk.sys [2013.01.15 13:04:49 | 000,177,664 | ---- | M] (Digital Dynamic) -- C:\Windows\System32\updatesvca.dll [2013.01.15 13:03:42 | 000,001,528 | ---- | M] () -- C:\Users\M.... 
...e\Desktop\HijackThis - Verknüpfung.lnk [2013.01.15 12:41:42 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.01.15 11:52:23 | 000,728,742 | ---- | M] () -- C:\ProgramData\1358246342.bdinstall.bin [2013.01.15 11:49:04 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.01.15 11:49:04 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.01.15 11:49:04 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01 [2013.01.15 11:48:00 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013.01.15 11:48:00 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.01.15 11:47:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.01.15 11:29:24 | 000,000,000 | ---- | M] () -- C:\END [2013.01.15 11:14:40 | 000,077,731 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2013.01.10 06:21:27 | 000,464,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.09 18:22:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.09 18:22:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.08 10:13:18 | 000,029,969 | ---- | M] () -- C:\Users\M.... ...e\Documents\tatt0_1---tmai12d722cf2a306f5e;jsessionid=84AF92A22C38FCCAF1A6D8B327B78D6F-n1.pdf [2012.12.30 17:18:10 | 225,366,923 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2013.01.16 16:01:02 | 000,000,993 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk [2013.01.16 16:00:59 | 000,000,953 | ---- | C] () -- C:\Users\M.... ...e\Desktop\CPUCooL.lnk [2013.01.16 14:53:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2013.01.16 14:52:04 | 000,001,645 | ---- | C] () -- C:\Users\M.... 
...e\Desktop\licensecrawler_v0125298.exe - Verknüpfung.lnk [2013.01.16 11:51:24 | 000,001,459 | ---- | C] () -- C:\Users\M.... ...e\Desktop\OTL.exe - Verknüpfung.lnk [2013.01.16 11:14:14 | 001,118,208 | ---- | C] () -- C:\Users\M.... ...e\Documents\Bootzeitprotokoll.evtx [2013.01.15 13:47:18 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.15 13:03:42 | 000,001,528 | ---- | C] () -- C:\Users\M.... ...e\Desktop\HijackThis - Verknüpfung.lnk [2013.01.15 11:52:23 | 000,728,742 | ---- | C] () -- C:\ProgramData\1358246342.bdinstall.bin [2013.01.15 11:49:04 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01 [2013.01.15 11:48:00 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013.01.15 11:48:00 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.01.15 11:47:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.01.15 11:45:30 | 035,184,777 | -H-- | C] () -- C:\bdr-im01.gz [2013.01.15 11:45:30 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01 [2013.01.15 11:45:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.01.15 11:45:30 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.01.12 20:04:49 | 000,000,000 | ---- | C] () -- C:\END [2013.01.08 10:13:17 | 000,029,969 | ---- | C] () -- C:\Users\M.... ...e\Documents\tatt0_1---tmai12d722cf2a306f5e;jsessionid=84AF92A22C38FCCAF1A6D8B327B78D6F-n1.pdf [2012.06.22 05:23:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6 [2012.06.10 11:33:37 | 000,000,126 | ---- | C] () -- C:\ProgramData\search_result.xml [2012.02.12 10:37:38 | 000,033,134 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\UserTile.png [2011.09.25 17:30:07 | 011,137,024 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\Sandra.mdb [2011.09.25 17:30:07 | 000,000,064 | ---- | C] () -- C:\Users\M.... 
...e\AppData\Roaming\Sandra.ldb [2011.09.25 15:59:35 | 000,000,123 | ---- | C] () -- C:\Windows\System32\QVPMON.INI [2011.09.07 19:31:00 | 000,000,094 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\sversion.ini [2011.09.07 19:26:05 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe [2011.08.14 18:25:50 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011.08.14 18:25:50 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011.08.14 18:25:49 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011.08.14 18:25:49 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011.08.14 18:25:49 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011.08.13 12:29:04 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat [2011.08.13 10:48:17 | 000,077,731 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both ========== LOP Check ========== [2011.10.03 08:38:26 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Ashampoo [2011.08.31 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Babylon [2013.01.15 11:17:49 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\BitDefender [2011.09.21 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Canneverbe Limited [2013.01.16 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\DesktopIconForAmazon [2011.09.25 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Engelmann Media [2011.08.13 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\GHISLER [2011.08.13 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\GoPal Assistant [2011.09.22 03:54:29 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\ImgBurn [2011.10.05 07:04:36 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Lexware [2011.09.07 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Lingo4u [2011.09.06 21:04:25 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\MAGIX [2013.01.16 14:53:53 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\OCS [2011.09.01 04:08:55 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\OpenOffice.org [2013.01.16 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Opera [2011.08.13 10:50:37 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\QuickScan [2012.03.19 12:42:50 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\SMA [2011.08.13 11:49:02 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Thunderbird [2011.09.26 05:43:04 | 000,000,000 | ---D | M] -- C:\Users\M.... 
...e\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.01.15 11:14:42 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污 [2013.01.15 11:02:47 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污 < End of report > Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.15.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
M.... ...e :: M......E-PC [Administrator]
Schutz: Aktiviert
15.01.2013 13:50:08
mbam-log-2013-01-15 (13-50-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336702
Laufzeit: 3 Stunde(n), 28 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 8
C:\Users\M.... ...e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P305MHRM\50f1b79fc430f[1].exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZR4PZCEU\50f24c892cb17[1].exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\AppData\Local\Temp\{F2A2D171-C33C-44B7-A65C-8B1E2941F387}\Addons\coupon_setup.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\Downloads\SoftonicDownloader_fuer_openoffice(2).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\Downloads\SoftonicDownloader_fuer_openoffice.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\Downloads\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\Downloads\SoftonicDownloader_fuer_magix-video-deluxe.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\M.... ...e\Downloads\SoftonicDownloader_fuer_openoffice(1).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
What needs to be done?
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
16.01.2013, 17:40 | #2 |
/// Malware-holic | hi
This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O20 - AppInit_DLLs: (c:\progra~2\saveas\sprote~1.dll) - c:\progra~2\saveas\sprote~1.dll ()
MOD - c:\progra~2\saveas\sprote~1.dll ()
[2013.01.12 20:06:18 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f1b79fabf28@50f1b79fabf62.com
[2013.01.13 06:41:46 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f24c8915435@50f24c891546d.com
CHR - Extension: SaveAs = C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikdcibhllfknebanabljllcnkmjloac\1\
CHR - Extension: SaveAs = C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdgaennipccbapackpoleglfofpacdd\1\
O2 - BHO: (SaveAs) - {81BE7674-E58B-74A8-5D89-0C67E2261A38} - C:\ProgramData\SaveAs\50f1b79fac0bb.dll ()
O2 - BHO: (SaveAs) - {81BE7674-E58B-74A8-5D89-0C67E2261A38} - C:\ProgramData\SaveAs\50f1b79fac0bb.dll ()
[2013.01.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\SaveAs
:Files
c:\progra~2\saveas
C:\ProgramData\SaveAs
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
16.01.2013, 18:37 | #3 |
| Apparently that did not work properly.
There is no longer a folder or a file with OTL to be found anywhere!! Everything is gone!!
__________________ |
16.01.2013, 21:00 | #4 |
/// Malware-holic | Then you clicked on clean up and not on fix. Download it again and try once more.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.01.2013, 11:32 | #5 |
| So, I ran another OTL scan!! Code:
ATTFilter OTL logfile created on: 18.01.2013 10:58:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M.... ...e\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,33% Memory free 3,87 Gb Paging File | 2,00 Gb Available in Paging File | 51,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 391,54 Gb Total Space | 264,47 Gb Free Space | 67,55% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 478,95 Gb Free Space | 98,09% Space Free | Partition Type: NTFS Computer Name: M.......E-PC | User Name: M.... ...e | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\M.... ...e\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Digital Dynamic\Advanced Backup Manager\backupsvc.exe (Digital Dynamic) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files\Epson Software\Download Navigator\EPSDNAVI.EXE (SEIKO EPSON CORPORATION) PRC - C:\Users\M.... ...e\AppData\Local\Temp\EPSON\Download Navigator\20130118105308\EPSON Remote Print\Remote_Print_Driver_x86_161\WINX86\SETUP\SETUP.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Epson Software\Download Navigator\EPSDNRUD.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\CPUCooL\CPUCooL.exe () PRC - C:\Program Files\CPUCooL\CooLSrv.exe () PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) PRC - C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program 
Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo) PRC - C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe () PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\System32\drvinst.exe (Microsoft Corporation) PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\3802e86c54c8a435573e3f78c6632fa0\DeskUpdateNotifier.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - c:\progra~2\saveas\sprote~1.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll () MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll () MOD - C:\Program Files\CPUCooL\CPUCooL.exe () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common 
Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION) SRV - (backupsvc) -- C:\Program Files\Digital Dynamic\Advanced Backup Manager\backupsvc.exe (Digital Dynamic) SRV - (updatesvca) -- C:\Windows\System32\updatesvca.dll (Digital Dynamic) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender) SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (CPUCooLServer) -- C:\Program Files\CPUCooL\CooLSrv.exe () SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TwonkyMedia) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4\RpcAgentSrv.exe (SiSoftware) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VirtualImDisk) -- C:\Windows\System32\drivers\virtualimdisk.sys (Olof Lagerkvist) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender) DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.) 
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender) DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender) DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC) DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL) DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC) DRV - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys (BitDefender LLC) DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4\WNt500x86\Sandra.sys (SiSoftware) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 FD 96 47 12 59 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4 FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - 
prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013.01.18 11:02:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2013.01.15 11:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.26 19:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.01.15 11:46:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\7c32lzmq.default\extensions\extension@preispilot.com

[2011.08.12 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Extensions
[2013.01.16 20:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\extensions
[2013.01.16 20:18:49 | 000,516,839 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\0g2z3pyo.default-1358363421822\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.01.16 20:18:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\0g2z3pyo.default-1358363421822\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.16 20:18:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\M.... ...e\AppData\Roaming\mozilla\firefox\profiles\0g2z3pyo.default-1358363421822\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.08.13 18:38:18 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========
CHR - Extension: SaveAs = C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikdcibhllfknebanabljllcnkmjloac\1\
CHR - Extension: SaveAs = C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdgaennipccbapackpoleglfofpacdd\1\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SaveAs) - {81BE7674-E58B-74A8-5D89-0C67E2261A38} - C:\ProgramData\SaveAs\50f1b79fac0bb.dll ()
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPLTarget\P0000000000000002] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk = C:\Program Files\CPUCooL\CPUCooL.exe ()
O4 - Startup: C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vodafone Media Manager.lnk = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe (PacketVideo )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0921659C-F994-4ECB-9F3E-DD89537F1F46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1EAD508-83B9-4FE9-8E1E-A5411B620ADE}: DhcpNameServer = 192.168.2.1 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2D47EBD-9378-4D70-A0CB-E1B2A352771B}: NameServer = 192.168.5.1,192.168.5.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\saveas\sprote~1.dll) - c:\progra~2\saveas\sprote~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.01.18 10:50:52 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013.01.17 17:47:53 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2013.01.17 17:47:47 | 000,095,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TLBHSE.DLL
[2013.01.17 17:47:43 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TD4BHSE.DLL
[2013.01.17 11:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013.01.17 09:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013.01.17 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Epson
[2013.01.17 09:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013.01.17 09:32:22 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppmon.dll
[2013.01.17 09:32:22 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppui.dll
[2013.01.17 09:32:22 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enspres.dll
[2013.01.17 09:32:22 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enpres.dll
[2013.01.17 09:32:21 | 000,475,410 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppmon.dll
[2013.01.17 09:32:21 | 000,458,129 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppui.dll
[2013.01.17 09:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013.01.17 09:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2013.01.17 09:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013.01.17 09:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013.01.17 09:29:50 | 000,341,504 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esw2ud.dll
[2013.01.17 09:29:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2013.01.17 09:29:50 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\escdev.dll
[2013.01.17 09:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2013.01.17 09:24:21 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\.oit
[2013.01.17 09:24:16 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Documents\My PageManager
[2013.01.17 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\NewSoft
[2013.01.17 09:23:38 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\NewSoft
[2013.01.17 09:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2013.01.16 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Desktop\Alte Firefox-Daten
[2013.01.16 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.16 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPUCooL
[2013.01.16 16:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\CPUCooL
[2013.01.16 15:10:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.01.16 14:54:55 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Opera
[2013.01.16 14:53:58 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.01.16 14:53:53 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\OCS
[2013.01.16 14:53:37 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\DesktopIconForAmazon
[2013.01.16 11:14:28 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Documents\LocaleMetaData
[2013.01.15 13:47:26 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Malwarebytes
[2013.01.15 13:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 13:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 13:47:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 13:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\Programs
[2013.01.15 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Dynamic
[2013.01.15 13:04:50 | 000,034,448 | ---- | C] (Olof Lagerkvist) -- C:\Windows\System32\drivers\virtualimdisk.sys
[2013.01.15 13:04:49 | 000,177,664 | ---- | C] (Digital Dynamic) -- C:\Windows\System32\updatesvca.dll
[2013.01.15 13:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Dynamic
[2013.01.15 13:02:13 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\Desktop\Logfiles
[2013.01.15 12:41:42 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013.01.15 11:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013.01.15 11:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013.01.15 11:46:37 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2013.01.15 11:46:37 | 000,077,192 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013.01.15 11:46:37 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013.01.15 11:46:33 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2013.01.15 11:46:23 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.01.15 11:46:22 | 000,481,464 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013.01.15 11:46:21 | 000,622,616 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013.01.15 11:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013.01.15 11:39:28 | 000,161,312 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.01.15 11:39:13 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.01.15 11:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.01.15 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Roaming\BitDefender
[2013.01.12 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.12 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloud Software LTD
[2013.01.12 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\SwvUpdater
[2013.01.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\SaveAs
[2013.01.12 19:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2013.01.12 19:59:36 | 000,000,000 | ---D | C] -- C:\Users\M.... ...e\AppData\Local\Google
[2013.01.12 19:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.01.11 07:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10
[2013.01.09 18:15:09 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.09 18:15:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.09 18:15:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 18:15:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 18:15:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 18:15:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 18:15:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 18:15:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 18:15:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 18:15:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 18:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 18:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 18:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 18:15:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 18:15:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 18:12:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 18:08:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.09 18:08:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.09 18:08:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.09 18:08:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.09 18:08:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.09 18:08:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.09 18:07:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.09 18:07:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.09 18:07:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.09 18:07:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.09 18:07:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.09 18:07:58 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.09 18:07:56 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.09 18:07:56 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.09 18:07:55 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.09 18:07:55 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.09 18:07:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 18:02:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012.12.22 03:03:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 03:03:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.19 21:10:30 | 000,000,000 | -HSD | C] -- C:\found.002
[2011.09.28 07:53:06 | 002,750,912 | ---- | C] (J3S GmbH) -- C:\Users\M.... ...e\COMPUTERBILD App-Center-Installation.exe

========== Files - Modified Within 30 Days ==========
[2013.01.18 10:57:46 | 000,001,459 | ---- | M] () -- C:\Users\M.... ...e\Desktop\OTL.exe - Verknüpfung.lnk
[2013.01.18 10:21:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.18 08:53:57 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 08:53:56 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.18 08:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.18 08:43:50 | 1558,056,960 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 17:45:34 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2013.01.17 17:45:33 | 000,081,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TD4BHSE.DLL
[2013.01.17 17:45:32 | 000,095,232 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_TLBHSE.DLL
[2013.01.17 10:18:18 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.17 09:38:47 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013.01.17 09:37:22 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss
[2013.01.16 18:46:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.16 16:01:02 | 000,000,993 | ---- | M] () -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk
[2013.01.16 16:00:59 | 000,000,953 | ---- | M] () -- C:\Users\M.... ...e\Desktop\CPUCooL.lnk
[2013.01.16 15:11:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.16 15:11:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.16 15:11:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.16 15:11:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.16 14:52:04 | 000,001,645 | ---- | M] () -- C:\Users\M.... ...e\Desktop\licensecrawler_v0125298.exe - Verknüpfung.lnk
[2013.01.16 11:52:20 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 11:14:27 | 001,118,208 | ---- | M] () -- C:\Users\M.... ...e\Documents\Bootzeitprotokoll.evtx
[2013.01.15 13:04:50 | 000,034,448 | ---- | M] (Olof Lagerkvist) -- C:\Windows\System32\drivers\virtualimdisk.sys
[2013.01.15 13:04:49 | 000,177,664 | ---- | M] (Digital Dynamic) -- C:\Windows\System32\updatesvca.dll
[2013.01.15 13:03:42 | 000,001,528 | ---- | M] () -- C:\Users\M.... ...e\Desktop\HijackThis - Verknüpfung.lnk
[2013.01.15 12:41:42 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013.01.15 11:52:23 | 000,728,742 | ---- | M] () -- C:\ProgramData\1358246342.bdinstall.bin
[2013.01.15 11:49:04 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013.01.15 11:49:04 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013.01.15 11:49:04 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01
[2013.01.15 11:48:00 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013.01.15 11:48:00 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013.01.15 11:47:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.01.15 11:29:24 | 000,000,000 | ---- | M] () -- C:\END
[2013.01.15 11:14:40 | 000,077,731 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2013.01.10 06:21:27 | 000,464,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:22:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 18:22:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.08 10:13:18 | 000,029,969 | ---- | M] () -- C:\Users\M.... ...e\Documents\tatt0_1---tmai12d722cf2a306f5e;jsessionid=84AF92A22C38FCCAF1A6D8B327B78D6F-n1.pdf

========== Files Created - No Company Name ==========
[2013.01.18 10:55:33 | 000,001,459 | ---- | C] () -- C:\Users\M.... ...e\Desktop\OTL.exe - Verknüpfung.lnk
[2013.01.17 09:38:47 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013.01.17 09:29:51 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.17 09:22:33 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss
[2013.01.16 18:46:37 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.16 16:01:02 | 000,000,993 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk
[2013.01.16 16:00:59 | 000,000,953 | ---- | C] () -- C:\Users\M.... ...e\Desktop\CPUCooL.lnk
[2013.01.16 14:53:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.01.16 14:52:04 | 000,001,645 | ---- | C] () -- C:\Users\M.... ...e\Desktop\licensecrawler_v0125298.exe - Verknüpfung.lnk
[2013.01.16 11:14:14 | 001,118,208 | ---- | C] () -- C:\Users\M.... ...e\Documents\Bootzeitprotokoll.evtx
[2013.01.15 13:47:18 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 13:03:42 | 000,001,528 | ---- | C] () -- C:\Users\M.... ...e\Desktop\HijackThis - Verknüpfung.lnk
[2013.01.15 11:52:23 | 000,728,742 | ---- | C] () -- C:\ProgramData\1358246342.bdinstall.bin
[2013.01.15 11:49:04 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01
[2013.01.15 11:48:00 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013.01.15 11:48:00 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013.01.15 11:47:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.01.15 11:45:30 | 035,184,777 | -H-- | C] () -- C:\bdr-im01.gz
[2013.01.15 11:45:30 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2013.01.15 11:45:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013.01.15 11:45:30 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013.01.12 20:04:49 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.08 10:13:17 | 000,029,969 | ---- | C] () -- C:\Users\M.... ...e\Documents\tatt0_1---tmai12d722cf2a306f5e;jsessionid=84AF92A22C38FCCAF1A6D8B327B78D6F-n1.pdf
[2012.06.22 05:23:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.06.10 11:33:37 | 000,000,126 | ---- | C] () -- C:\ProgramData\search_result.xml
[2012.02.12 10:37:38 | 000,033,134 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\UserTile.png
[2011.09.25 17:30:07 | 011,137,024 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\Sandra.mdb
[2011.09.25 17:30:07 | 000,000,064 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\Sandra.ldb
[2011.09.25 15:59:35 | 000,000,123 | ---- | C] () -- C:\Windows\System32\QVPMON.INI
[2011.09.07 19:31:00 | 000,000,094 | ---- | C] () -- C:\Users\M.... ...e\AppData\Roaming\sversion.ini
[2011.09.07 19:26:05 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011.08.14 18:25:50 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.08.14 18:25:50 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.08.14 18:25:49 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.08.14 18:25:49 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.08.14 18:25:49 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.08.13 12:29:04 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011.08.13 10:48:17 | 000,077,731 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2013.01.18 10:21:22 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\.oit
[2011.10.03 08:38:26 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Ashampoo
[2011.08.31 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Babylon
[2013.01.15 11:17:49 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\BitDefender
[2011.09.21 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Canneverbe Limited
[2013.01.16 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\DesktopIconForAmazon
[2011.09.25 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Engelmann Media
[2013.01.18 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Epson
[2011.08.13 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\GHISLER
[2011.08.13 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\GoPal Assistant
[2011.09.22 03:54:29 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\ImgBurn
[2011.10.05 07:04:36 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Lexware
[2011.09.07 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Lingo4u
[2011.09.06 21:04:25 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\MAGIX
[2013.01.17 09:23:38 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\NewSoft
[2013.01.16 14:53:53 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\OCS
[2011.09.01 04:08:55 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\OpenOffice.org
[2013.01.16 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Opera
[2011.08.13 10:50:37 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\QuickScan
[2012.03.19 12:42:50 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\SMA
[2011.08.13 11:49:02 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\Thunderbird
[2011.09.26 05:43:04 | 000,000,000 | ---D | M] -- C:\Users\M.... ...e\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013.01.15 11:14:42 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2013.01.15 11:02:47 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 18.01.2013 10:58:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M.... ...e\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,33% Memory free 3,87 Gb Paging File | 2,00 Gb Available in Paging File | 51,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 391,54 Gb Total Space | 264,47 Gb Free Space | 67,55% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 478,95 Gb Free Space | 98,09% Space Free | Partition Type: NTFS Computer Name: M.......E-PC | User Name: M.... ...e | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08529B7C-2C94-4CAE-8E14-2BE5E3072419}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1B320040-86E4-40E8-A1B0-38DF2B1A6D59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D95EADD-B029-44FA-8490-42204A3AF742}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{261CFA7C-B84D-4DC9-AFC0-328C59B5C6C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{29DF1F4E-588B-460B-A809-BBA112DED2D0}" = lport=137 | protocol=17 | dir=in | app=system | "{2FAAB46B-F423-4A72-8CAB-8524CCDFCF41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41C010E0-4FBE-40CF-847A-CCC4DF3509BB}" = rport=10243 | protocol=6 | dir=out | app=system | "{4BE5B26C-AA4B-4454-AAE3-90BDF36BD2FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{4DADCAB2-810A-46CD-AB77-156A4A17F0E3}" = lport=139 | protocol=6 | dir=in | app=system | "{4DC99BA0-51A1-4C94-9B9F-27F58EB42931}" = lport=138 | protocol=17 | dir=in | app=system | "{501DA518-C280-4730-8844-668E236BC65B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50D844A4-819A-45CA-8988-E5F7555D2818}" = rport=445 | protocol=6 | dir=out | app=system | "{55AC0117-9088-42B8-9086-C1142C79260F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74D26412-365A-46E9-8881-1232337ACBF9}" = rport=137 | protocol=17 | dir=out | app=system | "{7B47BC90-9EBF-4849-90EA-253AD1BD63D6}" = lport=10243 | protocol=6 | dir=in | app=system | "{8607B1B9-4B3E-440C-947B-F1752BD61C58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{86704BBE-1B5C-4503-9316-38BC58A46E5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C80775D-1E70-4AE8-8FD0-9FBDE451F9E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A3AFB6BF-39AB-4256-B093-F0FF3E373BA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A938DC17-E6D3-46AB-91B6-37286D9E31F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B20C2D2C-5DE7-406D-9125-791DE9C36D66}" = rport=138 | protocol=17 | dir=out | app=system | "{B9AA961A-00A7-466A-ABB5-69E07C611B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4F79AFF-2DF3-4B4F-BCCE-98B9758A7C23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C552CD6D-9BFE-4C91-B996-9D2E8C2DAB7B}" = rport=1900 | 
protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6C0C7FB-FAE8-4D30-932B-FB93BDB74F9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C7CF0D6D-0236-48E3-8187-A802ADAD9D2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CBB88293-B72E-4913-B879-79BB2C59591F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DBD321C6-CDA0-4BE6-BBA7-ACA092661FB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E72ECE46-B7C1-425A-93B0-75731BA03CE2}" = lport=445 | protocol=6 | dir=in | app=system | "{E95FF4FD-57CD-49F1-8726-2CF9FF8B677F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF418BA2-2326-429E-8EF8-B433AD8434C4}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C08BC1C-8351-4D43-B5FC-7A5FD6EB34FD}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | "{1023C354-E285-4128-8BC1-7292B9A929F8}" = protocol=6 | dir=out | app=system | "{18B7BC16-AD97-4D88-9EE8-17F0B145437B}" = protocol=6 | dir=in | app=c:\users\M.... 
...e\appdata\local\temp\ocs\downloads\d340164aef134ca45f5d3a3a8b8d1b79\38a9a2bd481c318de68b1ad291d5302f\swe-et-imbundle.exe | "{1A1F7661-508B-403D-A4F7-2732DA4403F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2070D387-FB85-4B86-80D5-95B970C504F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{26E3555F-5A48-4A76-9501-0D06C5DC6A07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EDE90A3-982B-4EEE-A019-6723FBFC3785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3C213457-BD71-41DB-A56A-A0228ED68AD1}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | "{3D48CF02-F234-4C05-9F3B-21CD71CDBBEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{40F0801D-F573-408D-B6E4-F6AFFA47AC36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{482E78CC-400A-49E0-A889-8EA8BDE4FE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{541B7309-3858-4805-B4F1-E251430551DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{66997374-8520-4A03-B940-E13D50B13150}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7365D1E5-35FA-4C98-ACC8-16F8E18F1595}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7505388E-13A2-4507-BE0F-2137273108C2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{79084F94-897B-400D-8F16-D9311CAB567C}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe | "{7952A8E9-C122-43CC-B2EC-C0969E508410}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8C1E3F3C-03EA-4B1B-BB85-E4F57FB7A4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F1E7309-6A35-4978-83D3-167A929CC084}" = protocol=17 | dir=in | app=c:\users\M.... 
...e\appdata\local\temp\ocs\downloads\d340164aef134ca45f5d3a3a8b8d1b79\38a9a2bd481c318de68b1ad291d5302f\swe-et-imbundle.exe | "{A5F2F87D-158A-4A31-B4C5-2690113B34A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B8EB4683-C49B-4051-9509-FC549D691C83}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C3FB6768-B8E2-4BC2-8C0E-FAF82DEFBE67}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe | "{D0B8E409-5C64-4D44-8294-A17FBBF103AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D84D6E77-E0C6-4372-8AA4-764CC90E725D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DCC6F537-5B8F-46AC-9EC5-94D2D4FC01BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DFF595F3-9041-43F0-B67C-F4F8F065C5AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0D9FA18-A568-4E98-92C4-51AAA684DDAC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E43C9284-2C35-48C8-BD07-8C1B8B56C712}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe | "{E4A0A988-F482-42A0-9399-A0FD5DB32D0E}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe | "{EDEB431E-F67D-4101-88E3-4A985669A11A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1361263-AE1C-4AE5-A8B5-2908DA5AA8C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0476AB7D-2424-4A8F-B8D9-4F15BA7662CF}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe | "TCP Query User{8FACD662-8819-48BA-AB36-73E1054BB324}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe | "TCP Query 
User{9960DB24-7F28-4C94-B5B3-B826207A8E3D}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | "UDP Query User{3B71A044-2090-48BB-84CF-328692089924}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | "UDP Query User{5DEB3248-1647-424C-8A04-AA4E70156C52}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe | "UDP Query User{D74BDDFE-7764-46D9-987E-D854D6FE1F40}C:\program files\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files\sma\sunny explorer\sunnyexplorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{39FCD08F-E311-4959-84B9-1012023724B9}" = Sunny Explorer "{3A3A3B34-6EA2-4031-8580-D66D29533E89}" = Download Navigator "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = 
Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1 "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{864BE784-3642-4F2C-A995-E4223CA8899B}" = COMPUTERBILD App-Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4 "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DC4071FC-A3FF-4F6B-0001-CCB79085A90A}" = Formatwandler 4 SE "{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011 "{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 
"{EB86D0C1-E6AA-48DA-A8ED-AFD7A0AACC0A}" = HE@D PC_Program "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager "{FB897D16-F0A7-4674-96F1-1C26963BA244}" = Epson E-Web Print "{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2 "1489-3350-5074-6281" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Backup Manager" = Advanced Backup Manager "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "Assistant" = Assistant 5.05.013 "Bitdefender" = Bitdefender Internet Security 2013 "CCleaner" = CCleaner "CHIP Powertool_is1" = CHIP Powertool 1.3.4 "CPUCooL" = CPUCooL (remove only) "DeskUpdate_is1" = DeskUpdate 4.11 "dm-Fotowelt" = dm-Fotowelt "EPSON BX935FWD Series" = EPSON BX935FWD Series Printer Uninstall "EPSON BX935FWD Series Netg" = Netzwerkhandbuch EPSON BX935FWD Series "EPSON BX935FWD Series Useg" = Benutzerhandbuch EPSON BX935FWD Series "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Remote Print" = Druckerdeinstallation für EPSON Remote Print "EPSON Scanner" = EPSON Scan "ImgBurn" = ImgBurn "LingoDict_is1" = LingoDict 2.1 "MAGIX_MSI_Videodeluxe17" = MAGIX Video deluxe 17 Download-Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft 
.NET Framework 4 Client Profile DEU Language Pack "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Sunny Data Control" = Sunny Data Control "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 1.1.11 "Vodafone Media Manager" = Vodafone Media Manager "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "StarOffice 7" = StarOffice 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.01.2013 06:29:01 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dm-Fotowelt.exe, Version: 0.0.0.0, Zeitstempel: 0x50bf9f94 Name des fehlerhaften Moduls: CWFoto0.dll, Version: 0.1.0.0, Zeitstempel: 0x50bf9d8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029f4b ID des fehlerhaften Prozesses: 0x174c Startzeit der fehlerhaften Anwendung: 0x01cdf49d6410caa9 Pfad der fehlerhaften Anwendung: C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe Pfad des fehlerhaften Moduls: C:\Program Files\dm\dm-Fotowelt\CWFoto0.dll Berichtskennung: b564817d-6090-11e2-9be3-00a0d1ccd4ce Error - 17.01.2013 10:00:50 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TARNHSE.EXE, Version: 7.0.0.0, Zeitstempel: 0x4d9e5ce9 Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0xc30 Startzeit der fehlerhaften Anwendung: 0x01cdf4b4d06c254c Pfad der fehlerhaften Anwendung: 
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TARNHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 4c2720cf-60ae-11e2-9be3-00a0d1ccd4ce Error - 17.01.2013 10:00:59 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TATIHSE.EXE, Version: 7.0.1.0, Zeitstempel: 0x4d9e5d0f Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0x1360 Startzeit der fehlerhaften Anwendung: 0x01cdf4bae63280b8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 5166e4dc-60ae-11e2-9be3-00a0d1ccd4ce Error - 17.01.2013 10:03:01 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TARNHSE.EXE, Version: 7.0.0.0, Zeitstempel: 0x4d9e5ce9 Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0x1500 Startzeit der fehlerhaften Anwendung: 0x01cdf4bb5598859a Pfad der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TARNHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 9a981487-60ae-11e2-9be3-00a0d1ccd4ce Error - 17.01.2013 12:01:22 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TARNHSE.EXE, Version: 7.0.0.0, Zeitstempel: 0x4d9e5ce9 Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0x17ac Startzeit der fehlerhaften Anwendung: 0x01cdf4cbdb45bf8a Pfad der fehlerhaften 
Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TARNHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 22e2bf75-60bf-11e2-9bea-00a0d1ccd4ce Error - 17.01.2013 12:02:47 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TARNHSE.EXE, Version: 7.0.0.0, Zeitstempel: 0x4d9e5ce9 Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0x13a8 Startzeit der fehlerhaften Anwendung: 0x01cdf4cc110b562a Pfad der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TARNHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 556aab1e-60bf-11e2-9bea-00a0d1ccd4ce Error - 17.01.2013 12:03:34 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: E_TARNHSE.EXE, Version: 7.0.0.0, Zeitstempel: 0x4d9e5ce9 Name des fehlerhaften Moduls: E_TERSHSE.DLL, Version: 1.0.2.9, Zeitstempel: 0x4d6f442e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067eee ID des fehlerhaften Prozesses: 0xb2c Startzeit der fehlerhaften Anwendung: 0x01cdf4cc2700d7ea Pfad der fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TARNHSE.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TERSHSE.DLL Berichtskennung: 716e6781-60bf-11e2-9bea-00a0d1ccd4ce Error - 17.01.2013 12:47:06 | Computer Name = M........e-PC | Source = RpcNs | ID = 2 Description = Error - 17.01.2013 15:56:21 | Computer Name = M........e-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CEWE FOTOSCHAU.exe, Version: 0.0.0.0, Zeitstempel: 0x50bf9d3d Name des fehlerhaften Moduls: CEWE FOTOSCHAU.exe, Version: 0.0.0.0, Zeitstempel: 0x50bf9d3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001c806 ID 
des fehlerhaften Prozesses: 0xf1c
Startzeit der fehlerhaften Anwendung: 0x01cdf4ec7f02a110
Pfad der fehlerhaften Anwendung: C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe
Pfad des fehlerhaften Moduls: C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe
Berichtskennung: f67a8b0c-60df-11e2-9bea-00a0d1ccd4ce

Error - 17.01.2013 19:10:39 | Computer Name = M........e-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TwonkyMediaManager.exe, Version: 3.0.0.0, Zeitstempel: 0x4ab2437a
Name des fehlerhaften Moduls: controlpoint.dll, Version: 2.0.1.11, Zeitstempel: 0x4c3788cc
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00043ec5
ID des fehlerhaften Prozesses: 0x118c
Startzeit der fehlerhaften Anwendung: 0x01cdf4ca31e5ce84
Pfad der fehlerhaften Anwendung: C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe
Pfad des fehlerhaften Moduls: C:\Program Files\TwonkyMedia\MediaManager\controlpoint.dll
Berichtskennung: 1b7f08af-60fb-11e2-9bea-00a0d1ccd4ce

Error - 18.01.2013 05:53:51 | Computer Name = M........e-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: _is934B.exe, Version: 12.0.0.58849, Zeitstempel: 0x45b1a378
Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855, Zeitstempel: 0x46eef1f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00096f3b
ID des fehlerhaften Prozesses: 0x17a4
Startzeit der fehlerhaften Anwendung: 0x01cdf56198f8b823
Pfad der fehlerhaften Anwendung: C:\Users\MARIOT~1\AppData\Local\Temp\_is934B.exe
Pfad des fehlerhaften Moduls: C:\Users\MARIOT~1\AppData\Local\Temp\{EC2F6CE3-FC55-4C63-A09E-20C55FF79CAE}\ISSetup.dll
Berichtskennung: f5eb3191-6154-11e2-9b11-00a0d1ccd4ce

[ Media Center Events ]
Error - 21.09.2011 03:19:37 | Computer Name = M........e-PC | Source = MCUpdate | ID = 0
Description = 09:19:37 - Fehler beim Herstellen der Internetverbindung. 09:19:37 - Serververbindung konnte nicht hergestellt werden..

Error - 21.09.2011 03:19:49 | Computer Name = M........e-PC | Source = MCUpdate | ID = 0
Description = 09:19:42 - Fehler beim Herstellen der Internetverbindung. 09:19:42 - Serververbindung konnte nicht hergestellt werden..

Error - 18.12.2012 02:20:27 | Computer Name = M........e-PC | Source = MCUpdate | ID = 0
Description = 07:20:25 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 18.12.2012 02:21:41 | Computer Name = M........e-PC | Source = MCUpdate | ID = 0
Description = 07:20:35 - Fehler beim Herstellen der Internetverbindung. 07:20:35 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 17.01.2013 04:38:28 | Computer Name = M........e-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 17.01.2013 04:38:33 | Computer Name = M........e-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 17.01.2013 07:51:17 | Computer Name = M........e-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.107 registriert werden. Der Computer mit IP-Adresse 192.168.2.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 17.01.2013 11:44:19 | Computer Name = M........e-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 17.01.2013 11:47:40 | Computer Name = M........e-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Backup service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 17.01.2013 11:50:38 | Computer Name = M........e-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 17.01.2013 16:27:47 | Computer Name = M........e-PC | Source = DCOM | ID = 10010
Description =

Error - 18.01.2013 03:44:27 | Computer Name = M........e-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.01.2013 um 08:36:36 unerwartet heruntergefahren.

Error - 18.01.2013 05:04:21 | Computer Name = M........e-PC | Source = bowser | ID = 8003
Description =

Error - 18.01.2013 05:28:23 | Computer Name = M........e-PC | Source = bowser | ID = 8003
Description =

< End of report >

And how do I get rid of the SweetIM toolbar?
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
18.01.2013, 18:13 | #6 |
/// Malware-holic | Firefox default search Google does not work
Did anyone say anything about a scan? Please run the fix from above, thanks.
19.01.2013, 14:42 | #7 |
| Firefox default search Google does not work
OK, the OTL Moved zip is uploaded, and here is the log from the fix. Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\saveas\sprote~1.dll deleted successfully.
c:\progra~2\saveas\sprote~1.dll moved successfully.
Folder C:\Users\M.... ....e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f1b79fabf28@50f1b79fabf62.com\ not found.
Folder C:\Users\M.... ....e\AppData\Roaming\mozilla\Firefox\Profiles\7c32lzmq.default\extensions\50f24c8915435@50f24c891546d.com\ not found.
C:\Users\M.... ....e\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikdcibhllfknebanabljllcnkmjloac\1 folder moved successfully.
C:\Users\M.... ....e\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdgaennipccbapackpoleglfofpacdd\1 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81BE7674-E58B-74A8-5D89-0C67E2261A38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81BE7674-E58B-74A8-5D89-0C67E2261A38}\ deleted successfully.
C:\ProgramData\SaveAs\50f1b79fac0bb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81BE7674-E58B-74A8-5D89-0C67E2261A38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81BE7674-E58B-74A8-5D89-0C67E2261A38}\ not found.
File C:\ProgramData\SaveAs\50f1b79fac0bb.dll not found.
C:\Program Files\SaveAs folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: M.... ....e
->Flash cache emptied: 1089 bytes
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: M.... ....e
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1876427 bytes
->Java cache emptied: 19018474 bytes
->FireFox cache emptied: 50457858 bytes
->Flash cache emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 642426352 bytes
RecycleBin emptied: 19514760 bytes

Total Files Cleaned = 699,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01192013_142309

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
19.01.2013, 15:44 | #8 |
/// Malware-holic | Firefox default search Google does not work
By the way, why are your Firefox and Thunderbird versions so old according to your signature? The current version of each is 18.
The upload worked.
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log.
Open C:, open tdsskiller-date-version.txt, and post its contents.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.01.2013, 17:03 | #9 |
| Firefox default search Google does not work
I really should change, or rather update, my signature. The problem above is on my brother's computer, though.
19.01.2013, 18:58 | #10 | |
/// Malware-holic | Firefox default search Google does not work
Hi, ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart Quote:
22.01.2013, 12:09 | #11 |
| Firefox default search Google does not work
So, here is the ComboFix log now. Code:
ATTFilter ComboFix 13-01-21.04 - M.... ...e 22.01.2013 11:37:20.1.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1981.763 [GMT 1:00] ausgeführt von:: c:\users\M.... ...e\Downloads\ComboFix.exe AV: Bitdefender Virenschutz *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C} FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7} SP: Bitdefender Spyware-Schutz *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1358246342.bdinstall.bin c:\users\M.... ...e\4.0 c:\users\M.... ...e\4.0\desktop.ini c:\users\M.... ...e\videos\DXSETUP.exe c:\windows\system32\uxt7AD.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-22 bis 2013-01-22 )))))))))))))))))))))))))))))) . . 2013-01-22 10:49 . 2013-01-22 10:49 -------- dc----w- c:\users\M.... ...e\AppData\Local\temp 2013-01-22 10:49 . 2013-01-22 10:49 -------- dc----w- c:\users\Default\AppData\Local\temp 2013-01-22 10:29 . 2011-11-21 14:10 21312 ----a-w- c:\windows\system32\authuitu.dll 2013-01-22 10:29 . 2011-11-21 14:10 30016 ----a-w- c:\windows\system32\uxtuneup.dll 2013-01-20 13:51 . 2013-01-20 13:51 -------- d-----w- c:\windows\system32\syncdb 2013-01-20 12:24 . 2012-06-01 04:37 154624 ----a-w- c:\windows\system32\iisRtl.dll 2013-01-20 12:24 . 2012-06-01 04:35 50688 ----a-w- c:\windows\system32\admwprox.dll 2013-01-20 12:24 . 2012-06-01 04:34 15360 ----a-w- c:\windows\system32\iisreset.exe 2013-01-20 12:24 . 2012-06-01 04:40 10752 ----a-w- c:\windows\system32\wamregps.dll 2013-01-20 12:24 . 2012-06-01 04:37 8192 ----a-w- c:\windows\system32\iisrstap.dll 2013-01-20 12:24 . 2012-06-01 04:35 26624 ----a-w- c:\windows\system32\ahadmin.dll 2013-01-19 20:08 . 2013-01-19 20:09 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 10 2013-01-19 14:15 . 
2013-01-19 14:15 -------- d-----w- c:\windows\system32\BestPractices 2013-01-19 14:15 . 2013-01-19 14:15 -------- dc----w- C:\inetpub 2013-01-19 13:23 . 2013-01-19 13:38 -------- dc----w- C:\_OTL 2013-01-17 16:47 . 2013-01-17 16:45 8192 ----a-w- c:\windows\system32\E_DCINST.DLL 2013-01-17 16:47 . 2013-01-17 16:45 95232 ----a-w- c:\windows\system32\E_TLBHSE.DLL 2013-01-17 16:47 . 2013-01-17 16:45 81408 ----a-w- c:\windows\system32\E_TD4BHSE.DLL 2013-01-17 10:22 . 2013-01-17 10:22 -------- d-----w- c:\program files\Common Files\EPSON 2013-01-17 08:38 . 2013-01-17 08:38 -------- d-----w- c:\programdata\UDL 2013-01-17 08:33 . 2013-01-18 09:49 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\Epson 2013-01-17 08:32 . 2010-09-13 14:01 458129 ----a-w- c:\windows\system32\ensppui.dll 2013-01-17 08:32 . 2010-09-13 14:00 475410 ----a-w- c:\windows\system32\ensppmon.dll 2013-01-17 08:32 . 2008-06-18 10:49 249344 ----a-w- c:\windows\system32\enspres.dll 2013-01-17 08:32 . 2008-06-18 10:49 249344 ----a-w- c:\windows\system32\enpres.dll 2013-01-17 08:32 . 2010-09-13 14:01 458129 ----a-w- c:\windows\system32\enppui.dll 2013-01-17 08:32 . 2010-09-13 14:00 475410 ----a-w- c:\windows\system32\enppmon.dll 2013-01-17 08:32 . 2013-01-17 08:32 -------- d-----w- c:\program files\EpsonNet 2013-01-17 08:31 . 2013-01-18 10:02 -------- d-----w- c:\program files\EPSON Software 2013-01-17 08:30 . 2013-01-18 09:59 -------- d-----w- c:\programdata\EPSON 2013-01-17 08:29 . 2009-12-08 23:00 341504 ----a-w- c:\windows\system32\esw2ud.dll 2013-01-17 08:29 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe 2013-01-17 08:29 . 2009-10-15 23:00 12800 ----a-w- c:\windows\system32\escdev.dll 2013-01-17 08:29 . 2013-01-18 09:57 -------- d-----w- c:\program files\epson 2013-01-17 08:24 . 2013-01-18 09:21 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\.oit 2013-01-17 08:24 . 2013-01-17 08:24 -------- dc----w- c:\users\M.... ...e\AppData\Local\NewSoft 2013-01-17 08:23 . 
2013-01-17 08:23 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\NewSoft 2013-01-17 08:20 . 2013-01-17 08:20 -------- d-----w- c:\program files\Common Files\NewSoft 2013-01-16 17:46 . 2013-01-16 17:46 -------- d-----w- c:\program files\CCleaner 2013-01-16 15:00 . 2013-01-21 15:26 -------- d-----w- c:\program files\CPUCooL 2013-01-16 14:10 . 2013-01-16 14:10 -------- d-----w- c:\windows\system32\IO 2013-01-16 13:53 . 2011-03-25 21:42 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll 2013-01-16 13:53 . 2011-05-13 13:16 493056 ----a-w- c:\windows\system32\dhRichClient3.dll 2013-01-16 13:53 . 2013-01-16 13:53 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\OCS 2013-01-16 13:53 . 2013-01-16 14:11 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\DesktopIconForAmazon 2013-01-15 12:47 . 2013-01-15 12:47 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\Malwarebytes 2013-01-15 12:47 . 2013-01-15 12:47 -------- d-----w- c:\programdata\Malwarebytes 2013-01-15 12:47 . 2013-01-15 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-15 12:47 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-15 12:46 . 2013-01-15 12:46 -------- d-----w- c:\users\M.... ...e\AppData\Local\Programs 2013-01-15 12:04 . 2013-01-15 12:04 34448 ----a-w- c:\windows\system32\drivers\virtualimdisk.sys 2013-01-15 12:04 . 2013-01-15 12:04 177664 ----a-w- c:\windows\system32\updatesvca.dll 2013-01-15 12:04 . 2013-01-15 12:04 -------- d-----w- c:\program files\Digital Dynamic 2013-01-15 11:41 . 2013-01-15 11:41 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2013-01-15 10:47 . 2013-01-15 10:47 -------- d-----w- c:\programdata\BDLogging 2013-01-15 10:46 . 2012-09-21 16:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2013-01-15 10:46 . 2012-07-06 13:13 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys 2013-01-15 10:46 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll 2013-01-15 10:46 . 
2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2013-01-15 10:46 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys 2013-01-15 10:46 . 2012-10-10 13:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-01-15 10:46 . 2012-10-10 13:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys 2013-01-15 10:45 . 2013-01-15 10:50 -------- d-----w- c:\programdata\Bitdefender 2013-01-15 10:39 . 2012-08-29 16:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys 2013-01-15 10:39 . 2013-01-15 10:39 -------- d-----w- c:\program files\Bitdefender 2013-01-15 10:39 . 2012-10-31 11:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys 2013-01-15 10:17 . 2013-01-15 10:17 -------- d-----w- c:\users\M.... ...e\AppData\Roaming\BitDefender 2013-01-13 07:11 . 2013-01-13 07:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA71E43-6883-4CDE-9C9F-7657C43B87F3}\offreg.dll 2013-01-12 19:06 . 2013-01-12 19:06 -------- d-----w- c:\programdata\Cloud Software LTD 2013-01-12 19:05 . 2013-01-15 10:32 -------- d-----w- c:\users\M.... ...e\AppData\Local\SwvUpdater 2013-01-12 18:59 . 2013-01-19 13:23 -------- d-----w- c:\programdata\SaveAs 2013-01-12 18:59 . 2013-01-12 18:59 -------- dc----w- c:\users\M.... ...e\AppData\Local\Google 2013-01-12 18:58 . 2013-01-15 10:31 -------- d-----w- c:\programdata\InstallMate 2013-01-11 09:43 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA71E43-6883-4CDE-9C9F-7657C43B87F3}\mpengine.dll 2013-01-09 17:12 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 17:12 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 17:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 17:09 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 17:08 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-09 17:08 . 
2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2013-01-09 17:08 . 2012-12-07 10:46 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2013-01-09 17:08 . 2012-12-07 10:46 46592 ----a-w- c:\windows\system32\fpb.rs 2013-01-09 17:08 . 2012-12-07 10:46 40960 ----a-w- c:\windows\system32\cob-au.rs 2013-01-09 17:08 . 2012-12-07 10:46 15360 ----a-w- c:\windows\system32\djctq.rs 2013-01-09 17:07 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll 2013-01-09 17:07 . 2012-12-07 10:46 30720 ----a-w- c:\windows\system32\usk.rs 2013-01-09 17:07 . 2012-12-07 10:46 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2013-01-09 17:07 . 2012-12-07 10:46 20480 ----a-w- c:\windows\system32\pegi.rs 2013-01-09 17:07 . 2012-12-07 10:46 21504 ----a-w- c:\windows\system32\grb.rs 2013-01-09 17:07 . 2012-12-07 12:26 308736 ----a-w- c:\windows\system32\Wpc.dll 2013-01-09 17:07 . 2012-12-07 10:46 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2013-01-09 17:07 . 2012-12-07 10:46 51712 ----a-w- c:\windows\system32\esrb.rs 2013-01-09 17:07 . 2012-12-07 10:46 23552 ----a-w- c:\windows\system32\oflc.rs 2013-01-09 17:07 . 2012-12-07 10:46 55296 ----a-w- c:\windows\system32\cero.rs 2013-01-09 17:07 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 17:02 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-22 04:04 . 2011-09-21 09:27 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-01-22 04:03 . 2011-09-21 09:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-01-21 04:50 . 2011-09-06 21:37 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-21 04:50 . 
2011-09-06 21:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-21 04:50 . 2011-10-08 07:33 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-01-19 16:33 . 2011-09-07 18:40 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys 2013-01-19 16:33 . 2011-09-07 18:40 118520 ------w- c:\windows\system32\pxinsi64.exe 2013-01-19 16:33 . 2011-09-07 18:40 116472 ------w- c:\windows\system32\pxcpyi64.exe 2013-01-15 10:14 . 2011-08-13 09:48 77731 ----a-w- c:\programdata\bdinstall.bin 2013-01-09 17:22 . 2012-04-11 04:07 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 17:22 . 2011-08-12 17:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 14:13 . 2012-12-22 02:03 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 02:03 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 05:03 . 2011-09-06 21:36 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-11-14 02:09 . 2012-12-14 02:14 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-14 02:14 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 02:14 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-14 02:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 02:14 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-14 02:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-13 04:20 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11 . 2012-12-13 04:20 376832 ----a-w- c:\windows\system32\dpnet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSE.EXE" [2013-01-17 220800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "DeskUpdateNotifier"="c:\program files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-12-05 1613368] "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] . c:\users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Vodafone Media Manager.lnk - c:\program files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe [2010-7-9 7488577] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^M.... ...e^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 7.lnk] path=c:\users\M.... ...e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 7.lnk backup=c:\windows\pss\StarOffice 7.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-08-07 15:18 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart . R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 updatesvca;Update service for installed software;c:\windows\system32\svchost.exe [x] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP4\RpcAgentSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x] 
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] S2 backupsvc;Backup service;c:\program files\Digital Dynamic\Advanced Backup Manager\backupsvc.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [x] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x] S2 TwonkyMedia;TwonkyMedia;c:\program files\TwonkyMedia\twonkymediaserverwatchdog.exe [x] S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x] S2 VirtualImDisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\virtualimdisk.sys [x] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x] S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSGB6.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr update REG_MULTI_SZ updatesvca ftpsvc REG_MULTI_SZ ftpsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:23] . 2012-10-03 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job - c:\program files\TuneUp Utilities 2010\OneClick.exe [2011-11-21 14:15] . . ------- Zusätzlicher Suchlauf ------- . IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{F2D47EBD-9378-4D70-A0CB-E1B2A352771B}: NameServer = 192.168.5.1,192.168.5.3 FF - ProfilePath - c:\users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: 2013-01-11 07:26; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox 4.0 Beta 10\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-01-16 20:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-01-16 20:18; {dc572301-7619-498c-a57d-39143191b318}; c:\users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-01-16 20:18; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi FF - ExtSQL: 2013-01-18 11:02; e-webprint@epson.com; c:\program files\Epson Software\E-Web Print\Firefox Add-on . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) MSConfigStartUp-IMBooster - c:\program files\Iminent\IMBooster\imbooster.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-22 11:51:24 ComboFix-quarantined-files.txt 2013-01-22 10:51 . Vor Suchlauf: 13 Verzeichnis(se), 279.112.355.840 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 281.018.499.072 Bytes frei . - - End Of File - - D4F8E4AE99C8FB035AF6E22F668C2E06
22.01.2013, 12:22 | #12 |
/// Malware-holic | Firefox default search Google does not work
Hi,
download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, "unnötig" (unnecessary).
After each program unknown to you, "unbekannt" (unknown).
Post the list.
22.01.2013, 12:52 | #13 |
| Firefox default search Google does not work
OK, the list is done. Code:
AAVUpdateManager Akademische Arbeitsgemeinschaft 03.10.2011 18,5MB 16.00.0000 unknown
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 16.01.2013 6,00MB 11.5.502.146 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.01.2013 6,00MB 11.5.502.146 necessary
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 10.01.2013 150MB 10.1.5 necessary
Advanced Backup Manager Digital Dynamic 16.01.2013 5,98GB 3.15.0 unnecessary
Ashampoo Burning Studio 6 FREE v.6.80 ashampoo GmbH & Co. KG 28.09.2011 39,3MB 6.8.0 unnecessary
Assistant 5.05.013 Medion 16.01.2013 5.5.13.0 unknown
Benutzerhandbuch EPSON BX935FWD Series 21.01.2013 necessary
Bitdefender Internet Security 2013 Bitdefender 16.01.2013 16.25.0.1710 necessary
CCleaner Piriform 24.09.2012 3.23 necessary
CDBurnerXP CDBurnerXP 21.09.2011 16,9MB 4.3.8.2631 necessary
CHIP Powertool 1.3.4 CHIP & Winfuture 16.01.2013 unnecessary
COMPUTERBILD App-Center J3S 28.09.2011 3,10MB 1.1.15 unnecessary
DeskUpdate 4.11 Fujitsu Technology Solutions 14.08.2011 3,25MB 4.11.0074 necessary
DivX DivX, Inc. 16.01.2013 6.1.1 necessary
DivX Player DivXNetworks, Inc. 16.01.2013 6.1 necessary
dm-Fotowelt CEWE COLOR AG u Co. OHG 16.01.2013 394MB 5.0.1 necessary
Download Navigator SEIKO EPSON CORPORATION 18.01.2013 6,14MB 3.4.0 necessary
Druckerdeinstallation für EPSON BX935FWD Series SEIKO EPSON Corporation 21.01.2013 necessary
Druckerdeinstallation für EPSON Remote Print SEIKO EPSON Corporation 18.01.2013 necessary
Epson Connect Printer Setup SEIKO EPSON CORPORATION 17.01.2013 8,32MB 1.1.1 necessary
Epson E-Web Print SEIKO EPSON CORPORATION 18.01.2013 14,6MB 1.15.0000 necessary
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 17.01.2013 2.3.0.0 necessary
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION2 17.01.2013 1.00.0000 necessary
Epson Event Manager SEIKO EPSON CORPORATION 17.01.2013 40,5MB 2.50.0001 necessary
Epson FAX Utility SEIKO EPSON CORPORATION 21.01.2013 1.20.00 necessary
Epson PC-FAX Driver 17.01.2013 necessary
EPSON Printer Finder SEIKO EPSON CORPORATION 17.01.2013 1,79MB 1.0.0 necessary
EPSON Scan Seiko Epson Corporation 17.01.2013 necessary
EpsonNet Print SEIKO EPSON CORPORATION 17.01.2013 2.4j necessary
Firebird SQL Server - MAGIX Edition MAGIX AG 06.09.2011 10,1MB 2.1.27.0 necessary
Formatwandler 4 SE S.A.D. 25.09.2011 72,8MB 4.0.11.800 necessary
HE@D PC_Program HEAD 01.02.2012 1.00.0000 necessary
ImgBurn LIGHTNING UK! 22.09.2011 2.5.5.0 necessary
Java(TM) 6 Update 22 Oracle 01.09.2011 97,0MB 6.0.220 necessary
Java(TM) 7 Update 5 Oracle 08.07.2012 99,3MB 7.0.50 necessary
JavaFX 2.1.1 Oracle Corporation 08.07.2012 20,8MB 2.1.1 necessary
JDownloader 0.9 AppWork GmbH 16.01.2013 0.9 unnecessary
Lexware Info Service Haufe-Lexware GmbH & Co.KG 05.10.2011 12,4MB 2.70.00.0081 necessary
LingoDict 2.1 Lingo4you GbR 16.01.2013 2.1 necessary
MAGIX Screenshare MAGIX AG 06.09.2011 1,43MB 4.3.6.1987 necessary
MAGIX Speed burnR (MSI) MAGIX AG 06.09.2011 53,0MB 7.0.2.6 necessary
MAGIX Video deluxe 17 Download-Version MAGIX AG 16.01.2013 10.0.1.14 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 15.01.2013 18,4MB 1.70.0.1100 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.01.2013 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.01.2013 2,93MB 4.0.30319 necessary
Microsoft Office Home and Student 2010 Microsoft Corporation 16.01.2013 14.0.6029.1000 necessary/conditionally
Microsoft Silverlight Microsoft Corporation 15.05.2012 102MB 5.1.10411.0 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.08.2011 300KB 8.0.59193 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 18.12.2011 234KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13.08.2011 596KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 01.09.2011 232KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27.08.2011 600KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.12.2012 15,0MB 10.0.40219 necessary
Mozilla Firefox 18.0.1 (x86 de) Mozilla 20.01.2013 48,2MB 18.0.1 necessary
Mozilla Maintenance Service Mozilla 20.01.2013 330KB 18.0.1 necessary
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 16.01.2013 37,3MB 10.0.2 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.09.2011 35,0KB 4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.09.2011 1,33MB 4.20.9876.0 necessary
Nero 10 Kwik Themes 1 Nero AG 21.09.2011 25,9MB 10.6.10100.1.0 unnecessary
Nero Digital 16.01.2013 necessary
Nero Kwik Media Nero AG 21.09.2011 250MB 10.6.12300 unnecessary
Nero Prerequisite Installer 1.0 Nero AG 14.12.2012 1,00MB 11.0.11500 necessary
Netzwerkhandbuch EPSON BX935FWD Series 21.01.2013 necessary
OpenOffice.org 3.3 OpenOffice.org 01.09.2011 412MB 3.3.9567 necessary
PL-2303 USB-to-Serial Prolific Technology INC 01.02.2012 1.5.0 unnecessary
PL-2303 Vista Driver Installer Prolific 01.02.2012 3.2.0.0 unnecessary
Preispilot für Firefox Preispilot 16.01.2013 1,75MB 2.0 necessary
QuickSteuer 2011 Haufe-Lexware GmbH & Co.KG 02.04.2012 497MB 17.07.00.0001 necessary
SiSoftware Sandra Lite 2011.SP4 SiSoftware 25.09.2011 103MB 17.70.2011.8 unnecessary
Skype Click to Call Skype Technologies S.A. 31.10.2012 19,5MB 6.3.11079 unnecessary
Skype™ 6.0 Skype Technologies S.A. 14.12.2012 20,3MB 6.0.126 necessary
StarOffice 7 Sun Microsystems, Inc. 07.09.2011 7 unnecessary
Steuer-Spar-Erklärung 2011 Akademische Arbeitsgemeinschaft Verlag 03.10.2011 382MB 16.14 necessary
Sunny Data Control 16.01.2013 necessary (solar installation monitoring), very important
Sunny Explorer SMA Solar Technology AG 19.03.2012 42,8MB 1.3.4 necessary
Synaptics Pointing Device Driver Synaptics 16.01.2013 11.2.4.0 necessary
Total Commander (Remove or Repair) Ghisler Software GmbH 16.01.2013 7.56a necessary
TuneUp Utilities TuneUp Software 22.01.2013 9.0.6030.1 unnecessary
TwonkyMedia Windows Components PacketVideo 22.06.2012 1,88MB 1.0.0 unnecessary
VLC media player 1.1.11 VideoLAN 16.01.2013 1.1.11 necessary
Vodafone Media Manager 16.01.2013 2.0.1.11 necessary
Windows Mobile-Gerätecenter Microsoft Corporation 13.08.2011 27,4MB 6.1.6965.0 necessary
WinRAR 4.01 (32-Bit) win.rar GmbH 16.01.2013 4.01.0 necessary
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
22.01.2013, 13:11 | #14 |
/// Malware-holic | Firefox default Google search does not work

Uninstall:
AAVUpdateManager
Adobe Flash Player: all

Adobe - Install Adobe Flash Player
Download the latest version and install it.

Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the tick at McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: remove the tick at "use JavaScript".
Updater: choose "install automatically".
Apply / OK.

Uninstall:
Advanced
Ashampoo
CHIP
COMPUTERBILD
Java: all

Download Java JRE:
Java downloads for all operating systems
Click: "Download the Java software for Windows Offline", download it and install it.

Uninstall:
JDownloader
PL: both
SiSoftware
StarOffice
TuneUp
TwonkyMedia

Open CCleaner, Analyze, Run, then restart the PC.

Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
24.01.2013, 17:28 | #15 |
| Firefox default Google search does not work
So, here now is the log from adware
Code:
# AdwCleaner v2.107 - Datei am 24/01/2013 um 17:24:46 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : M.... ...e - M........E-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\M.... ...e\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gefunden : C:\Users\Public\Desktop\Babylon.lnk
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\SaveAs
Ordner Gefunden : C:\Users\M.... ...e\AppData\Local\Babylon
Ordner Gefunden : C:\Users\M.... ...e\AppData\Local\SwvUpdater
Ordner Gefunden : C:\Users\M.... ...e\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\M.... ...e\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\SProtector
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : HKU\S-1-5-21-3922767297-2351193677-2653227948-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\M.... ...e\AppData\Roaming\Mozilla\Firefox\Profiles\0g2z3pyo.default-1358363421822\prefs.js

Gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Gefunden : user_pref("aol_toolbar.default.search.check", false);
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\M.... ...e\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4328 octets] - [24/01/2013 17:24:46]

########## EOF - C:\AdwCleaner[R1].txt - [4388 octets] ##########
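An added example, not part of the thread and not AdwCleaner's own code: a small Python parser for the report layout posted in #15. It groups the "Gefunden" lines by report section and attributes each Firefox pref to the add-on namespace that wrote it. The sample report is constructed in that layout with placeholder paths, and the names `parse_report` and `SAMPLE_REPORT` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the report above (paths are placeholders).
SAMPLE_REPORT = r"""# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\ProgramData\Babylon
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\SProtector
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");
"""

SECTION = re.compile(r"^\*+ \[(.+)\] \*+$")      # ***** [Dateien / Ordner] *****
BROWSER = re.compile(r"^-\\\\ (.+?) v")           # -\\ Mozilla Firefox v18.0.1 (de)
FOUND = re.compile(r"^(?:(Datei|Ordner|Schlüssel) )?Gefunden : (.+)$")
PREF = re.compile(r'^user_pref\("([^"]+)"')

def parse_report(text):
    """Return (findings by section, pref namespaces counted per browser)."""
    findings = defaultdict(list)   # section -> [(kind, value)]
    prefs = defaultdict(Counter)   # browser -> Counter of pref namespaces
    section = browser = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER.match(line):
            browser = m.group(1)
        elif m := FOUND.match(line):
            kind, value = m.group(1) or "Eintrag", m.group(2)
            findings[section].append((kind, value))
            if browser and (p := PREF.match(value)):
                # The leading dotted components name the add-on that wrote the pref.
                parts = p.group(1).split(".")
                ns = ".".join(parts[:2]) if parts[0] == "extensions" else parts[0]
                prefs[browser][ns] += 1
    return dict(findings), {b: dict(c) for b, c in prefs.items()}

if __name__ == "__main__":
    found, by_browser = parse_report(SAMPLE_REPORT)
    print({s: len(v) for s, v in found.items()}, by_browser)
```

Run against a full report, the per-browser counts show at a glance which toolbar families left settings in a profile, which is what a helper reads off the log by eye.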