Pests of all kinds and how to combat them: mystart by incredimail needs to be removed (Windows 7)
23.01.2013, 17:29 | #1 |
mystart by incredimail needs to be removed

Hello, today I downloaded something and, along with it, mystart by incredimail. I use Google Chrome and it is now infected, because babylonsearch is now the start window and mystart opens right away with every new tab. With CCleaner and under Control Panel/Programs I was able to partly remove incredimail. My AVG shows no threats, but SpyHunter did (91 threats), which I uninstalled right afterwards because it only fixes things for a fee. I downloaded Defogger (http://www.trojaner-board.de/69886-a...-beachten.html) and had to restart, but it reports no error message. In contrast, I now have two reports from OTL:

OTL Logfile:
Code:
OTL logfile created on: 2013.01.23. 17:12:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erika\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,21% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 258,04 Gb Free Space | 55,40% Space Free | Partition Type: NTFS

Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Erika\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. 
) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=117025&tt=230113_srchb_0413_3&babsrc=SP_ss&mntrId=18656a9b00000000000000241d747079 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{823790B7-E6FD-41F1-AC0B-04CFB021A66E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - 
HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWFfyEun&i=26 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=117025&tt=230113_srchb_0413_3&babsrc=HP_ss&mntrId=18656a9b00000000000000241d747079" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.24 12:40:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.18 09:37:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 10:02:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.24 19:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\mozilla\Extensions [2013.01.23 12:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\mozilla\Firefox\Profiles\ounb98zv.default\extensions [2013.01.23 11:05:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Erika\AppData\Roaming\mozilla\Firefox\Profiles\ounb98zv.default\extensions\ffxtlbr@incredibar.com [2013.01.23 12:19:27 | 000,002,445 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\mozilla\firefox\profiles\ounb98zv.default\searchplugins\babylon1.xml [2013.01.23 11:04:52 | 000,002,203 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\mozilla\firefox\profiles\ounb98zv.default\searchplugins\MyStart Search.xml [2012.09.15 10:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\mozilla firefox\extensions [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.23 12:19:18 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:51:45 | 000,000,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-hu.xml [2012.09.06 04:51:45 | 000,001,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sztaki-en-hu.xml [2012.09.06 04:51:45 | 000,000,974 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vatera.xml [2012.09.06 04:51:45 | 000,001,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-hu.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=117025&tt=230113_srchb_0413_3&babsrc=SP_ss&mntrId=18656a9b00000000000000241d747079 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll CHR - plugin: Perion plugin (Enabled) = 
C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\ CHR - Extension: Google Drive = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Bustatech theme = C:\Users\Erika\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hnohflgafpephcmdnnghnhappjbdfbko\1.0_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.08.24 17:37:34 | 000,000,894 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 10.6.2) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4272AE7-5B61-4A65-8047-6817F60C2973}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.23 15:45:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 16:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Erika\Desktop\OTL.exe [2013.01.23 15:45:12 | 000,000,000 | ---D | C] -- 
C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.23 15:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.01.23 12:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.01.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\Erika\AppData\Roaming\Babylon [2013.01.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.23 11:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.23 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Erika\AppData\Local\7-Zip Uninstaller [2013.01.23 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2013.01.13 16:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.13 16:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.09 11:48:51 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 11:48:51 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 11:48:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 11:48:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 11:48:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 11:48:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 11:48:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 11:48:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 11:48:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 11:48:37 
| 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 11:48:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 11:48:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 11:48:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 11:48:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 11:48:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 11:48:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 11:48:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 11:48:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 11:48:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 11:48:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 11:48:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 11:48:36 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 11:48:36 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 11:48:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 11:48:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 11:48:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 11:48:36 | 000,051,712 | ---- | C] (Microsoft) -- 
C:\Windows\SysWow64\esrb.rs [2013.01.09 11:48:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 11:48:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 11:48:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 11:48:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 11:48:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 11:48:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 11:48:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 11:48:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 11:48:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 11:48:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 11:48:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 11:48:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 11:48:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 11:48:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 11:48:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 11:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 11:48:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 11:48:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 11:48:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 11:48:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 11:48:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 11:48:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 
11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 11:48:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 11:48:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 16:55:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 16:55:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 16:48:09 | 000,002,283 | ---- | M] () -- C:\Users\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.01.23 16:48:09 | 000,001,104 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 16:47:56 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2013.01.23 16:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.23 16:47:49 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 16:46:07 | 000,000,020 | ---- | M] () -- C:\Users\Erika\defogger_reenable [2013.01.23 16:45:43 | 000,050,477 | ---- | M] () -- C:\Users\Erika\Desktop\Defogger.exe [2013.01.23 16:38:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erika\Desktop\OTL.exe [2013.01.23 16:36:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 15:45:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.01.23 15:19:03 | 107,257,550 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.01.23 11:32:12 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.23 11:05:25 | 000,000,455 | ---- | M] () -- C:\user.js [2013.01.22 22:22:25 | 000,491,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.01.21 18:31:53 | 000,098,779 | ---- | M] () -- C:\Users\Erika\Desktop\pg219.epub [2013.01.20 23:35:23 | 001,621,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.20 23:35:23 | 000,681,244 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2013.01.20 23:35:23 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.20 23:35:23 | 000,169,810 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2013.01.20 23:35:23 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.17 23:43:39 | 000,134,841 | ---- | M] () -- C:\Users\Erika\Desktop\Shakespeare-Celan.pdf [2013.01.13 16:27:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.11 15:30:02 | 000,354,144 | ---- | M] () -- C:\Users\Erika\Desktop\EinfuehrungindieLogik.pdf [2013.01.10 18:39:42 | 000,388,976 | ---- | M] () -- C:\Users\Erika\Desktop\18.pdf [2013.01.10 18:39:32 
| 000,386,173 | ---- | M] () -- C:\Users\Erika\Desktop\17.pdf [2013.01.10 18:39:21 | 000,351,514 | ---- | M] () -- C:\Users\Erika\Desktop\16.pdf [2013.01.10 18:39:11 | 000,525,595 | ---- | M] () -- C:\Users\Erika\Desktop\15.pdf [2013.01.10 18:38:18 | 000,458,921 | ---- | M] () -- C:\Users\Erika\Desktop\14.pdf [2013.01.10 18:38:07 | 000,348,635 | ---- | M] () -- C:\Users\Erika\Desktop\13.pdf [2013.01.10 18:37:52 | 000,372,576 | ---- | M] () -- C:\Users\Erika\Desktop\12.pdf [2013.01.10 18:37:44 | 000,448,052 | ---- | M] () -- C:\Users\Erika\Desktop\11.pdf [2013.01.10 18:37:32 | 000,481,503 | ---- | M] () -- C:\Users\Erika\Desktop\10.pdf [2013.01.10 18:34:12 | 000,408,553 | ---- | M] () -- C:\Users\Erika\Desktop\9.pdf [2013.01.10 18:33:49 | 000,448,677 | ---- | M] () -- C:\Users\Erika\Desktop\8.pdf [2013.01.10 18:33:40 | 000,492,420 | ---- | M] () -- C:\Users\Erika\Desktop\7.pdf [2013.01.10 18:33:29 | 000,394,263 | ---- | M] () -- C:\Users\Erika\Desktop\6.pdf [2013.01.10 18:33:11 | 000,499,920 | ---- | M] () -- C:\Users\Erika\Desktop\5.pdf [2013.01.10 18:32:58 | 001,636,238 | ---- | M] () -- C:\Users\Erika\Desktop\4.pdf [2013.01.10 18:32:20 | 000,295,106 | ---- | M] () -- C:\Users\Erika\Desktop\3.pdf [2013.01.10 18:32:01 | 000,218,416 | ---- | M] () -- C:\Users\Erika\Desktop\2.pdf [2013.01.10 18:29:43 | 000,405,947 | ---- | M] () -- C:\Users\Erika\Desktop\1.pdf [2013.01.10 03:30:10 | 005,032,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 03:12:00 | 001,595,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 16:46:07 | 000,000,020 | ---- | C] () -- C:\Users\Erika\defogger_reenable [2013.01.23 16:45:34 | 000,050,477 | ---- | C] () -- C:\Users\Erika\Desktop\Defogger.exe [2013.01.23 15:45:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.01.23 11:32:12 | 000,002,283 | ---- | C] () -- C:\Users\Erika\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.01.23 11:32:12 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.23 11:31:39 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 11:31:38 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 11:05:24 | 000,000,455 | ---- | C] () -- C:\user.js [2013.01.21 18:31:53 | 000,098,779 | ---- | C] () -- C:\Users\Erika\Desktop\pg219.epub [2013.01.17 23:43:39 | 000,134,841 | ---- | C] () -- C:\Users\Erika\Desktop\Shakespeare-Celan.pdf [2013.01.13 16:27:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.11 15:30:02 | 000,354,144 | ---- | C] () -- C:\Users\Erika\Desktop\EinfuehrungindieLogik.pdf [2013.01.10 18:39:41 | 000,388,976 | ---- | C] () -- C:\Users\Erika\Desktop\18.pdf [2013.01.10 18:39:32 | 000,386,173 | ---- | C] () -- C:\Users\Erika\Desktop\17.pdf [2013.01.10 18:39:21 | 000,351,514 | ---- | C] () -- C:\Users\Erika\Desktop\16.pdf [2013.01.10 18:39:11 | 000,525,595 | ---- | C] () -- C:\Users\Erika\Desktop\15.pdf [2013.01.10 18:38:18 | 000,458,921 | ---- | C] () -- C:\Users\Erika\Desktop\14.pdf [2013.01.10 18:38:06 | 000,348,635 | ---- | C] () -- C:\Users\Erika\Desktop\13.pdf [2013.01.10 18:37:52 | 000,372,576 | ---- | C] () -- C:\Users\Erika\Desktop\12.pdf [2013.01.10 18:37:44 | 000,448,052 | ---- | C] () -- C:\Users\Erika\Desktop\11.pdf [2013.01.10 18:37:32 | 000,481,503 | ---- | C] () -- C:\Users\Erika\Desktop\10.pdf [2013.01.10 18:34:12 | 000,408,553 | ---- | C] () -- C:\Users\Erika\Desktop\9.pdf [2013.01.10 18:33:49 | 000,448,677 | ---- | C] () -- C:\Users\Erika\Desktop\8.pdf [2013.01.10 18:33:40 | 000,492,420 | ---- | C] () -- C:\Users\Erika\Desktop\7.pdf [2013.01.10 18:33:29 | 000,394,263 | ---- | C] () -- C:\Users\Erika\Desktop\6.pdf [2013.01.10 18:33:11 | 000,499,920 | ---- | C] () -- C:\Users\Erika\Desktop\5.pdf [2013.01.10 18:32:58 | 001,636,238 | 
---- | C] () -- C:\Users\Erika\Desktop\4.pdf [2013.01.10 18:32:20 | 000,295,106 | ---- | C] () -- C:\Users\Erika\Desktop\3.pdf [2013.01.10 18:32:00 | 000,218,416 | ---- | C] () -- C:\Users\Erika\Desktop\2.pdf [2013.01.10 18:29:42 | 000,405,947 | ---- | C] () -- C:\Users\Erika\Desktop\1.pdf [2012.08.24 12:58:07 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.08.24 12:58:07 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.08.24 12:58:07 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.08.24 12:58:07 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.08.24 12:58:07 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.08.24 12:58:07 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.08.24 12:58:07 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.08.24 12:58:07 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.08.24 12:58:07 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.08.24 12:58:07 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.08.24 12:58:07 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.08.24 12:58:07 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.08.24 12:58:07 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.08.24 12:58:07 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.08.24 12:58:07 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.08.24 12:58:07 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.08.24 12:58:07 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.08.24 12:58:07 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.08.24 12:58:07 
| 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.08.24 12:54:47 | 001,595,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.23 22:18:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.24 01:07:44 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\AVG2012 [2013.01.23 12:18:59 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Babylon [2012.12.06 01:21:42 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\BitComet [2013.01.13 16:31:20 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\DAEMON Tools Lite [2012.12.30 02:16:23 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Might & Magic Heroes VI [2012.09.15 12:52:16 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Origin [2012.10.08 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 2095 bytes -> C:\Users\Erika\Documents\Afrika.eml:OECustomProperty @Alternate Data Stream - 1491 bytes -> C:\Users\Erika\Documents\evfolyamtalalkozo.eml:OECustomProperty @Alternate Data Stream - 1363 bytes -> C:\Users\Erika\Documents\Cicus.eml:OECustomProperty @Alternate Data Stream - 1171 bytes -> C:\Users\Erika\Documents\Willkommen bei Amango.eml:OECustomProperty < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 2013.01.23. 17:12:22 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erika\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,21% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,75 Gb Total Space | 258,04 Gb Free Space | 55,40% Space Free | Partition Type: NTFS Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04604B9D-FC96-497E-BD20-6A439C6CFFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0A114972-EF80-4FC5-8637-8B8BFEF4BD07}" = rport=445 | protocol=6 | dir=out | app=system | "{0AC70634-9348-415C-A0A5-E326754299BF}" = lport=139 | protocol=6 | dir=in | app=system | "{154D6732-56E6-4206-AAEB-29E0B955C1FC}" = lport=1900 | protocol=17 | 
dir=in | name=windows live communications platform (ssdp) | "{1913832C-3EA3-4089-BCB5-CA104F257491}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1ED97DD9-4667-4271-B385-F157D4C38046}" = lport=17539 | protocol=6 | dir=in | name=bitcomet 17539 tcp | "{265A5FF9-3E2F-40D4-A5FF-FED2275F29F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2D70AF6A-ADFC-4F7F-B3B6-28834F05BD9A}" = lport=445 | protocol=6 | dir=in | app=system | "{31B8974A-385E-46AF-BF12-93A57DFCB55E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34862CA3-B129-4352-A94A-66495C2A7169}" = lport=17539 | protocol=6 | dir=in | name=bitcomet 17539 tcp | "{34D7DAED-BC4D-4E71-AA7F-9836F4200A92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3B2A041E-4759-45DB-917E-F7E0B8DB4017}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3FD7AC68-B3B8-4092-B872-31CE4D75B39D}" = lport=17539 | protocol=17 | dir=in | name=bitcomet 17539 udp | "{412428A7-91D9-4E99-B2FC-0FA93BE3B54B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{544D477A-9D86-4C7D-9599-58CB870F75B6}" = rport=138 | protocol=17 | dir=out | app=system | "{5800E23A-E54F-4476-A2A1-A26F2681CAB0}" = rport=139 | protocol=6 | dir=out | app=system | "{7310F6CC-6D26-4E08-9952-6A1CC64E7102}" = lport=17539 | protocol=17 | dir=in | name=bitcomet 17539 udp | "{804E1268-AC91-4607-BD6D-A9A23070AB18}" = lport=138 | protocol=17 | dir=in | app=system | "{854009B8-673A-4307-B192-FD9258FA9969}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9498204E-9A65-452A-A077-A70ED1F87761}" = rport=10243 | protocol=6 | dir=out | app=system | "{96848148-6837-4813-9F18-3F6004582CE3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft 
office\office14\outlook.exe | "{A21E6E9B-9145-4BC9-8D20-565AFE625CED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A7D8673A-FF59-4E41-9BA6-DC67A2D304D3}" = lport=137 | protocol=17 | dir=in | app=system | "{B3BE2141-F65E-4863-87C1-2EC4F0B8C24A}" = lport=2869 | protocol=6 | dir=in | app=system | "{B776F48F-BD8F-4ADC-8197-57D998D39119}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C297260A-1028-454F-918F-47664968627B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4FE6824-37A2-4E2C-977D-11F5A0B5496B}" = lport=10243 | protocol=6 | dir=in | app=system | "{FB636729-DCE9-4001-B86A-76DB003DC9A8}" = rport=137 | protocol=17 | dir=out | app=system | "{FCF53D6A-DD48-430D-BA4C-36F807DEA34D}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED707D9-E738-4F43-8A8F-9666BAD2198B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{18EAB1AE-C5A0-41CD-B3CC-B81747DF4FA9}" = protocol=6 | dir=out | app=system | "{1CE0D2F0-DE3D-404B-AAC5-D1BBBF347DD5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{1EA9CC53-5A5A-4C5E-AE48-D87F9686A124}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1EF6E179-96C9-4C17-AACF-291CE1EDFEC9}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{249F293B-3FBA-41CA-A005-A808FF6E7707}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{266994DC-8C9A-4CF4-A439-85D212DC3842}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{298B8682-E692-4A07-878A-3EEF6B197484}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{2ED14AF8-5EEC-4DED-A463-53E77F719EDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{30E1A68F-3095-4C00-BB6A-021E428BB3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{318EB10F-1535-4056-8A8C-5CFF94D31FEE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{3E764726-0279-475E-9FC2-A5A69AE15A61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{410266EA-D8F0-4354-935D-3BBBE0358BBE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{443250E0-0258-480F-AE76-225089E3BB57}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{458E17D5-9055-4DE2-8F69-095E669068D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{471A6990-4DD6-4278-A61C-4C8F977372D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{481C4844-86EE-44E6-A076-C493A897561C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{487269C0-0746-476D-A676-6D0FD8504100}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | "{588D3C86-E3C0-469A-AC3D-2E422B4382C7}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{5E6BECD2-F00A-477C-925F-65235C7D31DB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{6430876D-97E8-44DA-89DB-8975EAE09272}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{658A882B-4F9A-49F4-B020-B3A1F60C5881}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6F69B48D-65BF-41F3-B912-59ABE3CCE5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{790CAF31-B15B-4C7F-B5DF-978FBD08FE8B}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{7ACFD3AB-4F7C-4A8B-8B80-F873E41EEE99}" = dir=in | 
app=c:\users\erika\appdata\local\microsoft\skydrive\skydrive.exe | "{83A8FBC4-9743-49F4-99A3-D5986519F17C}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{8A8647E2-C92F-4AA4-8E47-9A71081EB066}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9481426D-F99F-4FF5-B5EB-C9F93CC1ED31}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{97B357ED-8551-47AB-B4FB-0B5775BB4EF2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{9A4AF6D6-B5A6-43B8-96AE-5304D8997699}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A6B7015-3908-4284-87E8-C9AA526925D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9EAA96D5-8B84-4024-9CB3-AAD029027630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B76A688E-5E20-46C1-B70F-E02789A0A267}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7E64618-B9F2-4C57-8057-E88DCA4C5CA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{C6213C84-F0C9-4A39-A7B3-0AA3F9D2365C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C89AAD0F-C670-47DA-AA27-EE04BB356EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{CC4893B3-FA33-4961-ACFD-9ACB5F73C6C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CE7A95B7-8FE3-45B8-87FD-B28EF91D2187}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D2091D38-9BFF-4FC0-BA51-B2634A7B5870}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{D403C4B2-770B-44CF-B7CD-B6E5DA6C0FD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D522162F-500C-417F-A878-FFE89EDB76F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D82770CD-CCE7-4CF0-ABC3-37A56F4B01D4}" = 
protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D957B95A-5F14-41F6-9F4A-D4FD4159F12F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DC0C4349-0B71-493C-9AF8-3CA1A2AA9E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E3E14C50-354E-4896-A9B0-E201BE16C305}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{E9FCDD27-7B19-4485-B42D-2AB2FC29FAD7}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | "{EDE27AF9-C0EF-42DB-B55C-3CB98B11CC35}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F6EEACDD-3CD0-4E25-B9B3-FD720F7EF322}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{FFBD9905-2A34-46FB-AF14-B7D73B50B101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{15667DA1-6D17-DD0F-66D7-4221FD246DA8}" = AMD Catalyst Install Manager "{1B7C624C-4EEE-4A1A-7CE9-CBE76DD23FF2}" = AMD Accelerated Video Transcoding "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416034FF}" = Java(TM) 6 Update 34 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit) "{2D445001-F852-CFF5-8056-F629A0AA2C55}" = AMD Drag and Drop Transcoding "{2E22DBC9-030D-87B3-5E9C-51792D09A3BE}" = AMD Fuel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63140E2E-FC1B-3F88-8A7C-AC04DB549823}" = 
Microsoft .NET Framework 4 Client Profile HUN Language Pack "{64A3A4F4-B792-11D6-A78A-00B0D0160340}" = Java(TM) SE Development Kit 6 Update 34 (64-bit) "{6A1D3B4D-A746-26DD-DB3C-FA9B6CED6FDB}" = AMD Media Foundation Decoders "{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-040E-1000-0000000FF1CE}" = Microsoft Office Access MUI (Hungarian) 2010 "{90140000-0015-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-040E-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2010 "{90140000-0016-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-040E-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2010 "{90140000-0018-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-040E-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hungarian) 2010 "{90140000-0019-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-040E-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hungarian) 2010 "{90140000-001A-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-040E-1000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2010 "{90140000-001B-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010 "{90140000-001F-040E-1000-0000000FF1CE}_Office14.PROPLUS_{70A6C738-452C-4999-9780-B2C23339711D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-040E-1000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2010 "{90140000-002C-040E-1000-0000000FF1CE}_Office14.PROPLUS_{4DCDAFA4-2F6C-4B5C-A2B6-4425AF5F4E48}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-040E-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Hungarian) 2010 "{90140000-0043-040E-1000-0000000FF1CE}_Office14.PROPLUS_{BB070C2A-C13E-4517-8E0C-AD50FF144BC7}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-040E-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hungarian) 2010 "{90140000-0044-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-040E-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2010 "{90140000-006E-040E-1000-0000000FF1CE}_Office14.PROPLUS_{A65ED467-800E-403A-AC2F-981B66A4B869}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-040E-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hungarian) 2010 
"{90140000-00A1-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-040E-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Hungarian) 2010 "{90140000-00BA-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A89B52D3-DA3F-1CA3-BD33-D53871D60081}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012 "{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "{FBADEF1E-AFE3-309D-9B42-C030684502C7}" = Microsoft .NET Framework 4 Extended HUN Language Pack "AVG" = AVG 2012 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile HUN Language Pack" = A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended HUN Language Pack" = A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Királyi lakosztály Cuccok "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese 
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Szabadtéri kalandok Cuccok "{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Cuccok "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian "{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = AMD VISION Engine Control Center "{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Vár a színpad "{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Leszáll az éj "{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek "{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish "{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish "{5D382E05-9CFA-45A5-962B-8F578E7D3A23}" = Photo Common "{63535877-2396-4437-9BF5-C9BE41EE7677}" = Windows Live Essentials "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian "{6B00CD97-EADD-3AFC-A844-89EB4DA73461}" = Catalyst Control Center InstallProxy "{6F0C74FE-78BB-417E-969E-BB756F21ADEA}" = Windows Live Writer 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luxuslakás Cuccok "{723E4732-695B-4628-B5EC-A98EA34AA0F0}" = Movie Maker "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{749D0B62-5610-4ADE-82E6-399E6B4DAD80}" = Windows Live Writer Resources "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Városszépítő Cuccok "{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech "{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish "{7E664C9F-0341-11F9-39F7-E2493FACF037}" = Adobe® Content Viewer "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Álomállások "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{98994720-A230-4F45-875C-AD56E28448F1}" = Windows Live Mail "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry Édes apróságok "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French 
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Természetfeletti erők "{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 A világ körül "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Házi kedvenc "{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean "{C2CDACDF-EC5C-4F9F-B2D7-D6486CFAAD58}" = Fotótár "{C37B38A0-527E-4579-A24B-0F5B42215193}" = Windows Live Family Safety "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{D775D71D-C54B-41AE-97C2-EDEEBCA4FFCF}" = Windows Live Messenger "{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Nemzedékek "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Padlógáz Cuccok "{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual 
C++ 2010 x86 Redistributable - 10.0.40219 "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All "{FDF614F8-710F-4C28-A90F-07A9BC82774D}" = Windows Live UX Platform Language Pack "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Astroburn Lite" = Astroburn Lite "BitComet_x64" = BitComet 1.33 64-bit "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.dmp.contentviewer" = Adobe® Content Viewer "com.adobe.WidgetBrowser" = Adobe Widget Browser "DivX Setup" = DivX Setup "Google Chrome" = Google Chrome "iLivid" = iLivid "Kobo" = Kobo "Mozilla Firefox 15.0.1 (x86 hu)" = Mozilla Firefox 15.0.1 (x86 hu) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "RADVideo" = RAD Video Tools "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013.01.23. 11:48:25 | Computer Name = Erika-PC | Source = ESENT | ID = 455 Description = Windows (3400) Windows: Hiba (-1811) történt a következő naplófájl megnyitásakor: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0009A.log. Error - 2013.01.23. 11:48:39 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 9000 Description = Error - 2013.01.23. 11:48:42 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7040 Description = Error - 2013.01.23. 
11:48:44 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7042 Description = Error - 2013.01.23. 11:48:46 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 9002 Description = Error - 2013.01.23. 11:48:48 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3029 Description = Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3029 Description = Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3028 Description = Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3058 Description = Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 2012.12.29. 15:38:19 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7000 Description = A szolgáltatás (vToolbarUpdater13.2.0) a következő hiba következtében leállt: %%1053 Error - 2013.01.06. 15:10:15 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7009 Description = Letelt egy időkorlát (30000 ms) a(z) vToolbarUpdater13.2.0 szolgáltatás kapcsolódására való várakozás közben. Error - 2013.01.06. 15:10:15 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7000 Description = A szolgáltatás (vToolbarUpdater13.2.0) a következő hiba következtében leállt: %%1053 Error - 2013.01.09. 14:36:43 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7011 Description = Letelt egy időkorlát (30000 ms) a(z) lmhosts szolgáltatásnak a tranzakcióra adott válaszára való várakozás közben. Error - 2013.01.15. 2:53:31 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7024 Description = A szolgáltatás (Windows Search) leállt a következő szolgáltatásspecifikus hibával: %%-1073473535 Error - 2013.01.15. 
2:53:31 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7031 Description = A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása.
Error - 2013.01.15. 2:54:20 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7032 Description = A szolgáltatásvezérlő kezelője megpróbált ellenintézkedést tenni (A szolgáltatás újraindítása) a(z) Windows Search szolgáltatás váratlan leállása után, de a művelet a következő hiba miatt sikertelen volt: %%1056
Error - 2013.01.22. 16:14:02 | Computer Name = Erika-PC | Source = DCOM | ID = 10010 Description =
Error - 2013.01.23. 11:48:51 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7024 Description = A szolgáltatás (Windows Search) leállt a következő szolgáltatásspecifikus hibával: %%-1073473535
Error - 2013.01.23. 11:48:51 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7031 Description = A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása.
< End of report >

Should I download GMER? Many thanks in advance! Zsófia
24.01.2013, 10:00 | #2 |
/// TB-Ausbilder | I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood? Step 1: Uninstalling programs
Step 2: AdwCleaner: find and delete adware
Step 3: Delete temporary files with TFC
Step 4: Scan with DDS+ (with attach) Please download DDS (by sUBs) and save the file to your desktop.
__________________ |
24.01.2013, 21:22 | #3 |
| Many thanks for the help, ryder!
Step 1: I have left Java 7 in place for now, or does it count as part of "(all)"?
Steps 2 & 3: I have to confess that I already ran AdwCleaner (it disappears from my desktop) yesterday before my post, but did not save the text. Just now I clicked "search" and a longer text came up, but it was lost with step 3 (my apologies for my incompetence -.-") and now only something short comes up, and Google Chrome seems to be fine again, so is everything OK? Here is the AdwCleaner message:
# AdwCleaner v2.107 - Logfile created 01/24/2013 at 21:13:10
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Erika - ERIKA-PC
# Boot Mode : Normal
# Running from : C:\Users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJ3WU1N\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (hu)
File : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\ounb98zv.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [992 octets] - [24/01/2013 20:53:50]
AdwCleaner[R2].txt - [932 octets] - [24/01/2013 21:13:10]
########## EOF - C:\AdwCleaner[R2].txt - [991 octets] ##########
Step 4:
. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .
DDS Logfile: Code:
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2012.08.23. 23:22:04
System Uptime: 2013.01.24. 21:16:26 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-UD3P
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket M2 | 1196/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 258,954 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 2013.01.10. 3:00:45 - Windows Update
RP67: 2013.01.18. 0:48:40 - Ütemezett ellenőrzési pont
RP68: 2013.01.23. 12:57:38 - Removed Babylon Chrome Toolbar
RP69: 2013.01.23. 12:58:11 - Removed Babylon Chrome Toolbar
RP70: 2013.01.23. 15:44:46 - Installed SpyHunter
RP71: 2013.01.23. 16:49:18 - Removed SpyHunter
RP72: 2013.01.23. 16:51:29 - Removed SpyHunter
RP73: 2013.01.23. 16:52:08 - Removed SpyHunter
RP74: 2013.01.24. 20:36:10 - Removed Java(TM) 6 Update 34 (64-bit)
RP75: 2013.01.24. 20:37:11 - Removed Java(TM) SE Development Kit 6 Update 34 (64-bit)
.
==== Installed Programs ======================
.
A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Creative Suite 6 Master Collection Adobe Flash Player ActiveX Adobe Help Manager Adobe Widget Browser Adobe® Content Viewer AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Astroburn Lite AVG 2012 BitComet 1.33 64-bit bl Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition DivX Setup Fotótár Google Chrome Google Update Helper Java 7 Update 6 (64-bit) Junk Mail filter update Kobo Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile HUN Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended HUN Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Hungarian) 2010 Microsoft Office Excel MUI (Hungarian) 2010 Microsoft Office Groove MUI (Hungarian) 2010 Microsoft Office InfoPath MUI (Hungarian) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Hungarian) 2010 Microsoft Office Outlook MUI (Hungarian) 2010 Microsoft Office PowerPoint MUI (Hungarian) 2010 Microsoft Office Professional 
Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Hungarian) 2010 Microsoft Office Proofing (Hungarian) 2010 Microsoft Office Publisher MUI (Hungarian) 2010 Microsoft Office Shared 32-bit MUI (Hungarian) 2010 Microsoft Office Shared MUI (Hungarian) 2010 Microsoft Office Word MUI (Hungarian) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Might & Magic Heroes VI Movie Maker Mozilla Firefox 15.0.1 (x86 hu) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Origin PDF Settings CS6 ph Photo Common Photo Gallery RAD Video Tools Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Skype™ 5.10 The Sims™ 3 The Sims™ 3 Álomállások The Sims™ 3 A világ körül The Sims™ 3 Diesel Cuccok The Sims™ 3 Házi kedvenc The Sims™ 3 Katy Perry Édes apróságok The Sims™ 3 Királyi lakosztály Cuccok The Sims™ 3 Leszáll az éj The Sims™ 3 Luxuslakás Cuccok The Sims™ 3 Nemzedékek The Sims™ 3 Padlógáz Cuccok The Sims™ 3 Szabadtéri kalandok Cuccok The Sims™ 3 Természetfeletti erők The Sims™ 3 Vár a színpad The Sims™ 3 Városszépítő Cuccok Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 
24.01.2013, 22:22 | #4 |
/// TB trainer | mystart by incredimail needs to be removed Good! Before we continue: does the problem still exist?
__________________ Digital buccaneers against malware! No help via PM! |
24.01.2013, 22:28 | #5 |
| mystart by incredimail needs to be removed No, since Chrome is normal and mystart does not show up anywhere, I think it has been removed. So thank you very much! Kind regards, Zsófia |
24.01.2013, 22:30 | #6 |
/// TB trainer | mystart by incredimail needs to be removed Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. If you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to share praise or criticism, there is this section: http://www.trojaner-board.de/lob-kritik-wuensche/