Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Skype Trojana

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.09.2012, 00:28   #1
sumse
 
Skype Trojana - Standard

Skype Trojana



Hallo...

ich habe grade von einem Freund einen Link bekommen mit dem Vermerk sind das Deine Bilder? Ich klickte den Link an und nun wurde in meinem Namen an alle meine Skype Kontakte dieser Link verschickt.
Bitte, bitte helft mir das wieder weg zu bekommen.
Danke im voraus
lg sumse

Alt 30.09.2012, 00:33   #2
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



hi
1. warne deinen freund, er hat nen trojaner auf dem pc.
2. warne alle kontakte, sie haben, wenn sie den link geöffnet haben, trojaner auf dem pc, sie sollen sich hier melden, und wiederum ihre kontakte warnen, usw.
3. bitte sende mir den link als private nachicht.
durchsuche auch deine versendeten nachichten und sende mir aktuelle links zu.
4. lade mir die datei hoch, mit der du dich infiziert hast, sie liegt evtl. im papierkorb, wenn dem so ist, stelle sie wieder her.
Trojaner-Board Upload Channel
teile mir mit, wenn das erledigt ist
__________________

__________________

Alt 30.09.2012, 00:47   #3
sumse
 
Skype Trojana - Standard

Skype Trojana



hast den Link per pn
__________________

Alt 30.09.2012, 00:52   #4
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



man dankt
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.09.2012, 01:49   #5
sumse
 
Skype Trojana - Standard

Skype Trojana



so hier die Inhalte...OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2012 02:09:36 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Biene\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 52,97% Memory free
3,87 Gb Paging File | 2,20 Gb Available in Paging File | 56,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 398,37 Gb Free Space | 85,55% Space Free | Partition Type: NTFS
 
Computer Name: BIENE-PC | User Name: Biene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.30 01:58:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Biene\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 11:12:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.05.14 18:39:55 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 18:39:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 18:39:55 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 18:39:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 18:39:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.03 18:19:42 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2012.04.03 18:19:40 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2012.04.02 15:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2011.01.21 13:33:32 | 000,214,360 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
PRC - [2010.07.29 11:59:36 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
PRC - [2010.04.30 13:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2007.04.23 19:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007.04.23 19:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.11 10:47:52 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
MOD - [2011.01.21 15:05:44 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
MOD - [2010.12.29 18:32:32 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
MOD - [2010.12.29 17:52:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
MOD - [2010.12.23 13:17:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
MOD - [2010.12.20 16:21:06 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
MOD - [2010.11.30 16:42:22 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
MOD - [2010.11.26 10:45:10 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
MOD - [2010.11.26 10:33:20 | 004,583,424 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
MOD - [2010.10.22 10:22:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
MOD - [2010.10.22 10:01:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
MOD - [2010.09.26 11:13:24 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
MOD - [2010.09.26 11:13:02 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
MOD - [2010.09.09 18:00:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
MOD - [2010.09.08 17:10:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
MOD - [2010.09.08 10:52:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
MOD - [2010.08.03 10:51:10 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
MOD - [2010.08.03 10:44:44 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
MOD - [2010.07.13 10:48:18 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
MOD - [2010.05.07 11:46:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
MOD - [2010.04.27 15:20:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
MOD - [2010.03.02 15:09:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
MOD - [2009.12.04 17:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
MOD - [2009.11.27 17:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
MOD - [2009.11.26 17:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
MOD - [2009.09.09 14:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
MOD - [2009.08.06 10:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
MOD - [2009.06.26 09:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
MOD - [2008.11.17 14:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
MOD - [2008.08.25 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
MOD - [2008.08.25 16:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
MOD - [2007.12.20 14:37:00 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll
MOD - [2007.08.31 17:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
MOD - [2007.03.30 10:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
MOD - [2007.03.30 10:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
MOD - [2007.03.30 09:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
MOD - [2007.03.30 09:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.14 13:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.12.12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.07.10 07:28:28 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV - [2012.09.22 13:18:57 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.05.14 18:39:55 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 18:39:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 18:39:55 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 18:39:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 18:39:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.03 19:11:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.23 19:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007.04.23 19:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 18:39:55 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.05.14 18:39:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 18:39:55 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.05.14 18:39:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.10.13 01:27:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.27 19:03:24 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.25 00:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.03.17 12:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.03.03 12:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2007.07.10 07:28:16 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2007.06.20 05:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007.06.20 05:30:18 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007.06.20 05:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006.06.18 16:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011.11.24 16:34:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.06.28 12:32:02 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot)
DRV - [2010.12.22 01:20:52 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 D0 2B 6A F7 24 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0D49FAA3-AE93-4297-BA76-09DF9B06FE4C}&mid=c539d970149a47d1964ed1526265b532-38dc6bceb244d2acfd42b785943d90b2df90f8ec&lang=de&ds=tt014&pr=sa&d=2011-12-09 18:02:32&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.22 12:03:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 10:12:19 | 000,000,000 | ---D | M]
 
[2012.09.22 12:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Biene\AppData\Roaming\mozilla\Extensions
[2012.09.22 17:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Biene\AppData\Roaming\mozilla\Profiles\b4qdbgot.Standard-Benutzer\extensions
[2012.09.22 12:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.16 10:47:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 15:38:51 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - homepage: Google
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2530 Series" File not found
O4 - HKCU..\Run: [Gycuca] C:\Users\Biene\AppData\Roaming\Gycuca.exe (Codejock Software)
O4 - HKCU..\Run: [Scan Buttons] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe (NewSoft Technology Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CA3DC4A-3E56-42B5-A02A-745B6CDCCEBE}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADF87A2-C93E-4A9A-B991-08507B80D55F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{135cb001-576d-11e0-808f-001b24815cc1}\Shell - "" = AutoRun
O33 - MountPoints2\{135cb001-576d-11e0-808f-001b24815cc1}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c285dcd7-455b-11e0-aab6-001b24815cc1}\Shell - "" = AutoRun
O33 - MountPoints2\{c285dcd7-455b-11e0-aab6-001b24815cc1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c285dcdd-455b-11e0-aab6-001b24815cc1}\Shell - "" = AutoRun
O33 - MountPoints2\{c285dcdd-455b-11e0-aab6-001b24815cc1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F0916922-DEA0-7236-97E3-0FF1DC31660C} - Browser Customizations
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.30 01:46:11 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\53C5.exe
[2012.09.30 01:20:59 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\419B.exe
[2012.09.30 01:08:47 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Roaming\Malwarebytes
[2012.09.30 01:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 01:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.30 01:08:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.30 01:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.30 01:02:14 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\1A2D.exe
[2012.09.30 00:38:49 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\CB8F.exe
[2012.09.30 00:18:57 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\9A41.exe
[2012.09.29 23:57:22 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\D665.exe
[2012.09.29 23:39:31 | 000,356,352 | ---- | C] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\7E56.exe
[2012.09.29 23:39:27 | 000,430,080 | R--- | C] (Codejock Software) -- C:\Users\Biene\AppData\Roaming\Gycuca.exe
[2012.09.29 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Roaming\.oit
[2012.09.29 21:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 9.03 Standard
[2012.09.29 21:00:40 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Local\NewSoft
[2012.09.29 21:00:40 | 000,000,000 | ---D | C] -- C:\Users\Biene\Documents\My PageManager
[2012.09.29 21:00:03 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Roaming\NewSoft
[2012.09.29 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\NewSoft
[2012.09.29 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewSoft
[2012.09.29 20:57:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\color
[2012.09.29 20:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.09.29 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.09.29 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Roaming\Epson
[2012.09.29 20:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.09.29 20:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012.09.29 20:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012.09.29 20:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.09.29 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.09.29 20:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.09.22 19:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.15 20:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.15 20:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.15 20:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.07 10:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.01 08:18:08 | 000,000,000 | ---D | C] -- C:\Users\Biene\AppData\Local\king.com
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.30 02:04:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 01:46:11 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\53C5.exe
[2012.09.30 01:20:59 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\419B.exe
[2012.09.30 01:08:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 01:02:14 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\1A2D.exe
[2012.09.30 00:38:49 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\CB8F.exe
[2012.09.30 00:18:57 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\9A41.exe
[2012.09.29 23:57:22 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\D665.exe
[2012.09.29 23:39:31 | 000,356,352 | ---- | M] (TZC1 GSafwl Md) -- C:\Users\Biene\AppData\Roaming\7E56.exe
[2012.09.29 23:39:27 | 000,430,080 | R--- | M] (Codejock Software) -- C:\Users\Biene\AppData\Roaming\Gycuca.exe
[2012.09.29 21:01:54 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 21:01:54 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 21:00:40 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Presto! PageManager 9.03 SE.lnk
[2012.09.29 21:00:05 | 001,521,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.29 21:00:05 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.29 21:00:05 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.29 21:00:05 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.29 21:00:05 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 21:00:04 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2012.09.29 20:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.29 20:49:45 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.09.29 20:46:46 | 000,000,244 | ---- | M] () -- C:\Users\Public\Desktop\Anleitung für Epson Connect.url
[2012.09.29 20:46:43 | 000,002,362 | ---- | M] () -- C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-2530 Series.lnk
[2012.09.29 20:46:35 | 000,000,267 | ---- | M] () -- C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-2530 Series.url
[2012.09.29 20:34:57 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.29 18:55:48 | 389,044,808 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.29 16:13:10 | 000,436,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.28 02:45:59 | 000,129,758 | ---- | M] () -- C:\Users\Biene\Documents\kk 28.10.2012.rtf
[2012.09.24 21:48:27 | 000,371,844 | ---- | M] () -- C:\Users\Biene\Documents\rob.jpg
[2012.09.22 12:03:21 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.16 09:49:59 | 000,339,249 | ---- | M] () -- C:\Users\Biene\Documents\xhodonteam.jpg
[2012.09.15 20:05:37 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 19:48:53 | 000,003,211 | ---- | M] () -- C:\Users\Biene\Documents\perlen.ods
[2012.09.01 08:17:35 | 000,032,608 | ---- | M] () -- C:\Windows\king-uninstall.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.30 01:08:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.29 21:00:40 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Presto! PageManager 9.03 SE.lnk
[2012.09.29 20:49:45 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.09.29 20:48:19 | 000,000,264 | ---- | C] () -- C:\Windows\setup.iss
[2012.09.29 20:38:42 | 000,000,244 | ---- | C] () -- C:\Users\Public\Desktop\Anleitung für Epson Connect.url
[2012.09.29 20:38:38 | 000,002,362 | ---- | C] () -- C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-2530 Series.lnk
[2012.09.29 20:38:26 | 000,000,267 | ---- | C] () -- C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-2530 Series.url
[2012.09.29 20:34:57 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.09.29 18:55:48 | 389,044,808 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.09.27 21:20:47 | 000,129,758 | ---- | C] () -- C:\Users\Biene\Documents\kk 28.10.2012.rtf
[2012.09.24 21:47:46 | 000,371,844 | ---- | C] () -- C:\Users\Biene\Documents\rob.jpg
[2012.09.22 12:03:21 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.22 12:03:21 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.16 09:49:55 | 000,339,249 | ---- | C] () -- C:\Users\Biene\Documents\xhodonteam.jpg
[2012.09.15 20:05:37 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.04 19:48:52 | 000,003,211 | ---- | C] () -- C:\Users\Biene\Documents\perlen.ods
[2012.09.01 08:17:35 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2012.03.02 21:10:44 | 000,233,491 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2012.03.02 20:34:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\deluidrv.exe
[2012.03.02 20:34:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\delentry.exe
[2011.11.30 21:04:23 | 000,010,856 | -H-- | C] () -- C:\Users\Biene\helpfile.GID
[2011.07.28 18:18:06 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.01.28 21:58:14 | 001,540,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.23 21:42:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.09.29 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\.oit
[2012.02.25 15:40:18 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Ambient Design
[2012.02.03 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2012.09.29 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Epson
[2012.09.29 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\NewSoft
[2012.04.20 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Opera
[2012.05.21 20:34:18 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\ts3overlay
[2012.01.11 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\TuneUp Software
[2012.06.27 02:00:10 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\UseNeXT
[2011.12.09 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Visan
[2011.03.03 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Vodafone
[2012.02.03 17:55:35 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\Wacom
[2012.02.03 17:55:42 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.09.11 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\Biene\AppData\Roaming\XSManager
[2012.07.31 16:31:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.12.21 15:52:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.21 22:24:02 | 000,000,000 | ---D | M] -- C:\5f49da99513bf4003fda843258527de8
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.21 15:52:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.22 19:22:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.22 02:10:55 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.29 20:35:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.30 01:08:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.09.30 01:08:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.21 15:52:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.21 15:52:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.12.22 02:50:49 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.09.30 02:13:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.21 15:52:13 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.29 20:59:35 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.03 17:54:52 | 000,000,002 | ---- | M] () -- C:\Users\Biene\.bdockinstall.log
[2011.11.30 21:15:08 | 000,010,856 | -H-- | M] () -- C:\Users\Biene\helpfile.GID
[2012.09.30 02:31:49 | 003,145,728 | -HS- | M] () -- C:\Users\Biene\NTUSER.DAT
[2012.09.30 02:31:49 | 000,262,144 | -HS- | M] () -- C:\Users\Biene\ntuser.dat.LOG1
[2010.12.21 15:52:16 | 000,000,000 | -HS- | M] () -- C:\Users\Biene\ntuser.dat.LOG2
[2010.12.21 15:55:53 | 000,065,536 | -HS- | M] () -- C:\Users\Biene\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.12.21 15:55:53 | 000,524,288 | -HS- | M] () -- C:\Users\Biene\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 15:55:53 | 000,524,288 | -HS- | M] () -- C:\Users\Biene\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.12.21 15:52:16 | 000,000,020 | -HS- | M] () -- C:\Users\Biene\ntuser.ini
[2012.01.26 23:07:34 | 000,170,415 | ---- | M] () -- C:\Users\Biene\Wesenprodktion.xlsx
[2012.01.26 23:07:31 | 000,053,881 | ---- | M] () -- C:\Users\Biene\Xhodon-Rechner.xlsx
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2012 02:09:36 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Biene\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 52,97% Memory free
3,87 Gb Paging File | 2,20 Gb Available in Paging File | 56,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 398,37 Gb Free Space | 85,55% Space Free | Partition Type: NTFS
 
Computer Name: BIENE-PC | User Name: Biene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05037525-15C9-4759-959C-B06E2EA7CA59}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1BE9B68B-E6CC-46B9-9581-26D3042C487B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3766B71C-B61E-4CFA-A332-1476A887A4E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4F192805-0986-46C8-A588-D8C6155E325C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6E99AEB6-F04B-49DD-915E-84EF627CC2EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6F8CA108-BABC-4BC6-B492-430E439812A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8EE4ACFF-BF9D-4058-914B-9E9982E8EB41}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D47C5CE-1779-4BEB-9E2F-A41A100DD213}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E7AD0F7-2C51-4D12-B374-4A64817EE428}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B30E1FD4-292B-438A-A0D6-7A824D5B75D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BEA9DCF3-0A1E-4BCA-85A5-881B24AFBE1C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{D2A43F26-9239-438A-990A-1266C89A4A83}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{DB968616-3C5C-4F64-AD30-E9135D4FBF8F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD7612F0-6D6F-4D9B-956C-E2B2E711E284}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E11E0334-1FA4-440F-A704-68D93FCAB472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4C5B19A-1445-4F03-96A1-0B4552E6C5C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E22BE7-C350-4A92-A9BB-C847F884240E}" = protocol=17 | dir=in | app=c:\program files (x86)\newsoft\presto! pagemanager 9.03\licensecheck.exe | 
"{1AE89D22-74DD-4A26-B1AE-2B356424B17B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{1D90E282-D477-4E49-86CE-5C43C1ADB13A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1F8349CE-A67E-435C-9C16-2F9032CABF3B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{205A5E4E-CD51-4C95-B981-87CBB633CCF4}" = protocol=6 | dir=in | app=c:\program files (x86)\newsoft\presto! pagemanager 9.03\licensecheck.exe | 
"{250CEADA-A7E5-4E1F-A8E9-A111554D89A1}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{2B503D56-9F09-4616-9A07-643DAE04BED8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{30C55DC8-DA3B-4675-B051-2C62B30B1E52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{30F1EB05-8002-441C-B2D2-3B0A63AFAA09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{33A8C5C8-091C-4317-875A-F3464F679E52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{382DFB36-DAA2-4AEE-87B0-85A71260F668}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3EA32205-DFB9-4702-A11F-8372A9A4616C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{42DAAE5A-5122-44FF-B623-D49B61B4A91E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{45E4A2DC-F966-4120-B232-8B9BB3BA1137}" = dir=in | app=d:\setup\hpznui40.exe | 
"{48593A7C-9042-4B13-B2D3-733AAEF69CAD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5659D77B-56F7-43D9-AE20-7F5F80E32C69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{71D7ED7A-19CE-4CB0-A8A8-8C01E0151979}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{789CAF5B-01CA-4C45-8BEC-B04C5E1CA7CB}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
"{7A36E13E-0E4F-40B1-B48C-E2F7027AAA42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7E99A445-D012-4C1D-8AAE-27E7A0A34E27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{80D799B3-A63F-4ABD-883E-F101DDE8AFB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{829F62A4-CA9C-44A3-AE2F-C1A7C1983974}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{872D32DC-21E6-4860-B177-2DFFB51ACBC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{90476D15-4D36-4645-94ED-C7AB8F2E53F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{96908151-C52F-490E-B745-B060E774EE9E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{98F6321C-2D3B-4DE1-814F-104823638421}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{9AE9EF80-AFD7-4468-A8D7-17F186A20843}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ACC96064-4495-4A8E-B3A7-39984EA5990C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B0BFE6B0-3E33-4381-B306-51D2A08EDB15}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B6CA3A21-F934-4326-83D6-00B986597863}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C3600CC3-AFD6-416E-BD5E-490A6275510D}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | 
"{C5F2CC23-2E1A-4D9D-9B9A-F2D654CDC926}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D75D2057-9FE0-48DE-9BE1-2A8D83744582}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{DFAFA6CF-F21C-4115-A04A-16F9814848F3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E38864AE-13A3-4B81-BD02-DA5E2450B746}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{EA579F95-9E37-4DBE-95A2-A8CD6BF6A79D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EC359170-E648-4AD0-ABD8-C4DC6FD6D22C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{F1872267-E503-4F2A-A8AA-949D72E4E5A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FB61A609-DE6D-4C56-B28E-E293CEAF23AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DriverAgent" = DriverAgent Plugin for Netscape by eSupport.com
"DriverAgent.exe" = DriverAgent by eSupport.com
"EPSON WF-2530 Series" = Druckerdeinstallation für EPSON WF-2530 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A312B5-1542-47B6-BFE9-F51358C39E86}" = Epson Easy Photo Print 2
"{04AF7536-446D-4F5A-8920-B4E885E4581B}" = Presto! PageManager 9.03 SE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92C742-08BE-9C7A-DF0C-3E1CD06C46C2}" = Sumo Paint Bamboo 2.2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7082E27E-2637-4ED5-9156-E19B57A3B5B0}" = ArtRage Studio Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F01524C-0676-4CC1-B4AE-64753C723391}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Bamboo Dock" = Bamboo Dock
"com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1" = Sumo Paint Bamboo 2.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Epson Connect Guide" = Anleitung für Epson Connect
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GENEUIDE" = USB Storage Driver
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MsgPlus! Plugin" = Messenger Plus! 3
"Opera 12.00.1467" = Opera 12.00
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT_is1" = UseNeXT
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WF-2530 Series Netg" = Epson Netzwerkhandbuch WF-2530 Series
"WF-2530 Series Useg" = Epson Benutzerhandbuch WF-2530 Series
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"XSManager" = XSManager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.09.2012 10:07:47 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.09.2012 10:07:47 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 473151
 
Error - 15.09.2012 10:07:47 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 473151
 
Error - 15.09.2012 10:07:48 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.09.2012 10:07:48 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 474149
 
Error - 15.09.2012 10:07:48 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 474149
 
Error - 15.09.2012 10:07:49 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.09.2012 10:07:49 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 475148
 
Error - 15.09.2012 10:07:49 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 475148
 
Error - 15.09.2012 10:07:50 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.09.2012 10:07:50 | Computer Name = Biene-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 476146
 
[ OSession Events ]
Error - 22.12.2010 15:34:16 | Computer Name = Biene-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2012 10:13:46 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 10:13:46 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 12:56:17 | Computer Name = Biene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?09.?2012 um 16:31:09 unerwartet heruntergefahren.
 
Error - 29.09.2012 12:56:39 | Computer Name = Biene-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.09.2012 12:57:14 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 10  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 12:57:14 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 14:54:22 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 14:54:22 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 14:54:22 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.09.2012 14:54:22 | Computer Name = Biene-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >
         
--- --- ---


Alt 30.09.2012, 01:59   #6
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Gycuca] C:\Users\Biene\AppData\Roaming\Gycuca.exe (Codejock Software)
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
--> Skype Trojana

Alt 30.09.2012, 02:17   #7
sumse
 
Skype Trojana - Standard

Skype Trojana



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Gycuca deleted successfully.
C:\Users\Biene\AppData\Roaming\Gycuca.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Biene
->Flash cache emptied: 60648 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Biene
->Temp folder emptied: 12015003 bytes
->Temporary Internet Files folder emptied: 53077205 bytes
->Java cache emptied: 2114041 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2980831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 09302012_030907

Files\Folders moved on Reboot...
C:\Users\Biene\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Biene\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Alt 30.09.2012, 02:19   #8
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



hi
du hast mir jpgs hochgeladen, damit kann ich, aufgrund von augen problemen nichts anfangen, wenn dort links zu sehen sind, hätte ich die gern als klartext als persönliche nachicht, sorry, falls das eine extra arbeit für dich ist.
moved files.rar trotzdem hochladen :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.09.2012, 02:22   #9
sumse
 
Skype Trojana - Standard

Skype Trojana



müsste alles geklappt haben mit dem hochladen

Alt 30.09.2012, 02:23   #10
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



hi
danke
siehe meine anfrage vor deinem post, wenn du mir ne beschreibung zu den bildern posten könntest, dass wäre nett
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.09.2012, 02:34   #11
sumse
 
Skype Trojana - Standard

Skype Trojana



bei Skype unter Menüpunkt: Aktionen-Optionen-Erweiterte Einstellungen steht seit dem ich den Link anklickte Zugriffsverwaltung (externe Anwendungen ) wenn man da drauf klickt kommen die 3 unterpunkte siehe Bild.
Ich hab mich nicht getraut drauf zu klicken, hab deswegen alles entfernt aber vorher halt noch nen screen gemacht.

Alt 30.09.2012, 02:35   #12
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



ok
siehe bild, bringt mir nicht viel, siehe meinen post :d
aber ich hatte zeit den trojaner zu analysieren.
die malware läd das zero access rootkit.
wenn du onlinebanking machst, lasse es sperren, notfall nummer:
116 116
da man dieses nicht 100 %ig sicher los wird:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.09.2012, 02:56   #13
sumse
 
Skype Trojana - Standard

Skype Trojana



ohjee... das wird ja noch ein aufregender sonntag...
ich danke dir erstmal für deine schnelle Hilfe...

Alt 30.09.2012, 03:00   #14
markusg
/// Malware-holic
 
Skype Trojana - Standard

Skype Trojana



ja, aber sieh es positiv, wir haben es enddeckt, und dir ist kein schaden entstanden, also von daher, musst du zwar arbeit investieren, aber wir sichern deinen pc vernünftig ab, und du bist in zukunft besser geschützt.
tut mir leid, keine besseren informationen für dich zu haben
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.09.2012, 03:13   #15
sumse
 
Skype Trojana - Standard

Skype Trojana



ja dank deiner schnellen hilfe ist kein schaden entstanden... ich werd erstmal alles an persönlichen sachen sichern und dann alles neu machen.

Antwort

Themen zu Skype Trojana
bilder, codejock software, freund, helft, klick, kontakte, link, namen, skype, skype trojaner, troja, trojan, trojana, wieder weg




Ähnliche Themen: Skype Trojana


  1. Skype Virus "Your skype does not support extended icons"
    Log-Analyse und Auswertung - 10.10.2014 (15)
  2. Windows 7 - Skype Update - Umleitung auf skype.gmw.cn
    Alles rund um Windows - 12.08.2014 (9)
  3. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  4. Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist
    Plagegeister aller Art und deren Bekämpfung - 28.01.2014 (4)
  5. Avira Meldet "C:\WINDOWS\system32\Skype.scr\Skype.exe" und kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (11)
  6. Probleme mit Skype, Dev-C ++ und Internet, z.B. friert der Bildschirm während der Benutzung von Skype ein
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (17)
  7. TR/Crypt.ZPACK.Gen2 Virus in Program Files (x86)/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  8. TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe
    Log-Analyse und Auswertung - 27.02.2013 (15)
  9. Avira meldet: 'TR/Crypt.ZPACK.Gen2' [trojan] in der Datei 'C:\Program Files\Skype\Phone\Skype.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  10. Skype Trojana
    Plagegeister aller Art und deren Bekämpfung - 30.09.2012 (5)
  11. TR/Crypt.ZPACK.Gen2 in C:\Program Files\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  12. TR/Crypt.ZPACK.Gen2 - in Programme/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (9)
  13. BKA Trojana
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (35)
  14. TR/Crypt.XPACK.Gen in C:\Programme\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (2)
  15. Trojana TR/BHO.czo
    Log-Analyse und Auswertung - 29.07.2008 (5)
  16. Skype/skype me modus
    Überwachung, Datenschutz und Spam - 03.09.2006 (2)
  17. Hab ein Trojana!!!
    Plagegeister aller Art und deren Bekämpfung - 13.05.2005 (12)

Zum Thema Skype Trojana - Hallo... ich habe grade von einem Freund einen Link bekommen mit dem Vermerk sind das Deine Bilder? Ich klickte den Link an und nun wurde in meinem Namen an alle - Skype Trojana...
Archiv
Du betrachtest: Skype Trojana auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.