Verdächtige E-Mail mit Zip-Datei geöffnet

Bubus · 07.03.2013, 00:01

Hallo zusammen,

ich habe vor ein paar Tagen 2 E-Mail´s von Onlineshop´s erhalten mit einer Zahlungsaufforderung. Als Anhang war jedesmal eine Zip-Datei.
Da ich mir nicht sicher war, habe ich dummerweise (ja, ich weiß man soll so etwas nicht öffnen

)eine geöffnet. Nun bin ich mir nicht sicher, ob ich nun einen Trojaner auf dem Rechner habe.
Ich habe dann das Virenprogramm durchlaufen lassen (Windows Defender) aber ohne Ergebnis.
Da mir das ganze aber keine Ruhe lässt, wäre ich ganz glücklich wenn mir jemand helfen könnte
damit ich wieder beruhigt den Rechner nutzen kann.

Vielen Dank

cosinus · 07.03.2013, 00:03

Hallo und

Spam-Mails und andere verdächtige Mails bitte an Markus schicken siehe markusg - trojaner-board.de

Hast du nur die Mail geöffnet oder auch die ZIP-Datei? Wenn ZIP, hast du die ausführbare Datei darin gestartet per Doppelklick?

Bubus · 07.03.2013, 00:11

Hallo,
das ging ja schnell. Ich habe die E-Mail an Markus geschickt. Leider habe ich die Zip Datei geöffnet....

cosinus · 07.03.2013, 00:15

Ja ZIP geöffnet und weiter?
Eine ZIP allein ist nicht ausführbar, nur durch das Öffnen bzw. Auflisten was in der ZIP-Datei enthalten ist wird so noch kein Schadcode ausgeführt. Hast du die Datei, die in der ZIP war auch geöffnet per Doppelklick?

Bubus · 07.03.2013, 00:20

Also, ich habe die Zip Datei angeklickt, dann wurde die runtergeladen und als ich diese dann öffnen wollte ist nichts passiert.

cosinus · 07.03.2013, 00:23

Dann ist sehr sehr wahrscheinlich nichts passiert. Sollten wir aber nochmal überprüfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Bubus · 07.03.2013, 00:44

O.k ist durchgelaufen. Wie poste ich das in Code Tags?

cosinus · 07.03.2013, 00:47

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bubus · 07.03.2013, 00:50

Code:

ATTFilter

OTL logfile created on: 07.03.2013 00:32:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti und Sascha\Downloads
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
991,36 Mb Total Physical Memory | 360,84 Mb Available Physical Memory | 36,40% Memory free
1,97 Gb Paging File | 1,22 Gb Available in Paging File | 61,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 134,39 Gb Total Space | 109,45 Gb Free Space | 81,44% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 9,63 Gb Free Space | 65,75% Space Free | Partition Type: FAT32
 
Computer Name: BENUTZER-1E85C7 | User Name: Netti und Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Netti und Sascha\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WWAHost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ThumbnailExtractionHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dasHost.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (AllUserInstallAgent) -- C:\Windows\System32\AUInstallAgent.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\Drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (RTL8168) -- C:\Windows\System32\Drivers\Rt630x86.sys (Realtek                                            )
DRV - (rtl8192se) -- C:\Windows\System32\Drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={C45AD266-5822-11E2-AF9D-0024216720AB}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={C45AD266-5822-11E2-AF9D-0024216720AB}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE B4 33 02 A6 19 CE 01  [binary data]
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\..\SearchScopes,DefaultScope = {4BB7C1BF-1B10-41D5-876E-18D570468D0A}
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\..\SearchScopes\{4BB7C1BF-1B10-41D5-876E-18D570468D0A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={C45AD266-5822-11E2-AF9D-0024216720AB}
IE - HKU\S-1-5-21-1268742127-2972897127-2360540471-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&barid={C45AD266-5822-11E2-AF9D-0024216720AB}&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.01.06 19:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 14:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 14:28:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.01.06 02:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Extensions
[2013.02.23 01:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Firefox\Profiles\tv809hsm.default\extensions
[2013.01.06 02:30:59 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Firefox\Profiles\tv809hsm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.01.06 02:35:35 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Firefox\Profiles\tv809hsm.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013.01.30 14:21:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Firefox\Profiles\tv809hsm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.23 01:03:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\Firefox\Profiles\tv809hsm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.14 19:23:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\firefox\profiles\tv809hsm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.02 17:04:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Netti und Sascha\AppData\Roaming\mozilla\firefox\profiles\tv809hsm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.28 14:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.28 14:28:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 05:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0B16EE-1B39-4231-8267-61A1E5301022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 08:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 15:57:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Konz2013
[2013.02.28 15:57:29 | 000,000,000 | ---D | C] -- C:\Users\Netti und Sascha\Documents\Steuer
[2013.02.28 15:15:00 | 000,000,000 | ---D | C] -- C:\Users\Netti und Sascha\AppData\Local\Buhl
[2013.02.28 15:13:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Visagesoft
[2013.02.28 15:13:49 | 000,760,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMSDMOD.DLL
[2013.02.28 15:13:49 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MPG4DMOD.DLL
[2013.02.28 15:13:48 | 000,816,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVDMOD.DLL
[2013.02.28 15:13:48 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP4SDMOD.DLL
[2013.02.28 15:13:48 | 000,316,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP43DMOD.DLL
[2013.02.28 15:13:48 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMV8DS32.AX
[2013.02.28 15:13:48 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVDS32.AX
[2013.02.28 15:13:48 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADDS32.AX
[2013.02.28 15:13:48 | 000,121,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscal.ocx
[2013.02.28 15:13:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AIM
[2013.02.28 15:13:47 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrclr40.dll
[2013.02.28 15:13:47 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrecr40.dll
[2013.02.28 15:13:46 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSREPL35.DLL
[2013.02.28 15:13:46 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXBSE35.DLL
[2013.02.28 15:13:46 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2013.02.28 15:13:46 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPDOX35.DLL
[2013.02.28 15:13:46 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSLTUS35.DLL
[2013.02.28 15:13:46 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSTEXT35.DLL
[2013.02.28 15:13:46 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2013.02.28 15:13:45 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJET35.DLL
[2013.02.28 15:13:45 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL
[2013.02.28 15:13:45 | 000,330,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCH35.DLL
[2013.02.28 15:13:45 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCL35.DLL
[2013.02.28 15:13:45 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL
[2013.02.28 15:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012
[2013.02.28 15:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Steuer 2012
[2013.02.28 15:06:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013.02.28 15:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.02.28 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.26 22:53:57 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
[2013.02.26 22:53:57 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ReAgent.dll
[2013.02.20 19:31:15 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.20 19:31:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.20 19:31:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.20 19:31:05 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 19:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.18 14:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.15 20:01:43 | 000,000,000 | -H-D | C] -- C:\Users\Netti und Sascha\Documents\Freemake_do_not_remove_this_folder634965553039479487
[2013.02.15 16:45:19 | 000,000,000 | -H-D | C] -- C:\Users\Netti und Sascha\Documents\Freemake_do_not_remove_this_folder634965435190688382
[2013.02.15 16:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.15 16:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.15 16:12:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.02.15 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Netti und Sascha\AppData\Local\ElevatedDiagnostics
[2013.02.15 15:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.15 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.15 15:20:36 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.15 15:20:35 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.14 22:21:55 | 000,000,000 | ---D | C] -- C:\Users\Netti und Sascha\AppData\Roaming\Skype
[2013.02.14 22:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.14 00:21:04 | 003,400,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013.02.14 00:21:02 | 005,554,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2013.02.14 00:20:51 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2013.02.14 00:20:44 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2013.02.14 00:20:44 | 001,532,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlidsvc.dll
[2013.02.14 00:20:41 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netprofmsvc.dll
[2013.02.14 00:20:39 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpprefcl.dll
[2013.02.14 00:20:38 | 000,024,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpiowin32.sys
[2013.02.14 00:20:34 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srmstormod.dll
[2013.02.14 00:20:33 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.dll
[2013.02.14 00:20:33 | 000,259,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgmms1.sys
[2013.02.14 00:20:33 | 000,104,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dumpsd.sys
[2013.02.14 00:20:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Networking.dll
[2013.02.14 00:20:31 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Windows.Media.dll
[2013.02.14 00:20:31 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2013.02.14 00:20:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WSDMon.dll
[2013.02.14 00:20:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2013.02.14 00:20:30 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP4SDECD.DLL
[2013.02.14 00:20:30 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srm.dll
[2013.02.14 00:19:49 | 002,881,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2013.02.14 00:19:49 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013.02.14 00:19:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iesysprep.dll
[2013.02.14 00:19:48 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013.02.14 00:19:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UXInit.dll
[2013.02.14 00:19:46 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.07 00:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.06 23:29:28 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.05 22:51:23 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.05 22:51:23 | 159,195,279 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.03.05 22:51:22 | 831,614,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 21:23:29 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.03.04 21:23:29 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.04 21:23:29 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.03.04 21:23:29 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.28 15:15:09 | 000,000,066 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2013.02.21 08:29:31 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.21 08:29:30 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.20 19:30:55 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.20 19:30:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.20 19:30:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.20 19:30:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.20 19:30:49 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.20 19:30:49 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.18 16:02:05 | 000,289,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.02.28 15:15:03 | 000,000,066 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.02.28 15:13:48 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\jetodbc.rsp
[2013.02.18 16:01:46 | 000,289,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.14 00:20:29 | 000,386,577 | ---- | C] () -- C:\WINDOWS\System32\ApnDatabase.xml
[2013.02.02 16:13:44 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2013.01.11 22:15:50 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2013.01.06 17:04:17 | 000,000,017 | ---- | C] () -- C:\Users\Netti und Sascha\AppData\Local\resmon.resmoncfg
[2012.07.26 09:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 09:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 09:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 09:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 07:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 07:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 07:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 07:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 07:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 07:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 07:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 02:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 21:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 21:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 03:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.02 21:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 15:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 04:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2013 00:32:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti und Sascha\Downloads
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
991,36 Mb Total Physical Memory | 360,84 Mb Available Physical Memory | 36,40% Memory free
1,97 Gb Paging File | 1,22 Gb Available in Paging File | 61,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 134,39 Gb Total Space | 109,45 Gb Free Space | 81,44% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 9,63 Gb Free Space | 65,75% Space Free | Partition Type: FAT32
 
Computer Name: BENUTZER-1E85C7 | User Name: Netti und Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D8AFDBC-B51D-4582-9420-D9BAD5227F0C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29E3690C-0253-4E31-850B-7177538B2DEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3609C5E7-07E8-4614-A6E0-DA96D9B82C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36518C8A-A4F4-477F-B5EE-7AAD4CD43783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{411A6BEB-E366-480F-9595-500002C8171E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4E91F92F-8178-4256-AFB9-3F8648F03177}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66F81AB2-F688-42E0-9731-D19B41F188B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{69A14DF7-AC5D-423E-B684-606ABC41F3D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D8D90DF-3236-4F19-8493-4455949950BC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AEBEBFA4-3F49-4294-90A2-C897CEC75EE6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B05DE7BF-7515-4194-BDDD-4E6E3F4ECA27}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5419471-C2B6-4B05-96F7-42D815D66443}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E558A76B-A238-4BC9-B8D3-8715CF6F6777}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EDD8A559-877A-4F11-A0C2-E4246C1CB0EB}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04526CE7-FDF2-4411-95AA-6CF81A4A6F7A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0F13A4B9-3DE5-4AE5-906B-2FDD3C2F58A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{12A1C238-8085-4DE1-9921-72C7C6218EDF}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{13D9AB03-F6AC-4BA9-9F51-FD6A0C0B7ED0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{17BE39A2-88D1-4E37-9A9F-606F49FBA531}" = dir=out | name=@{microsoft.bing_1.5.1.259_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{2B9CE5BA-87A7-4E4F-BDC1-5838A34FC915}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{35F9134A-0D13-493A-8657-58638B002555}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{36F50309-9B9F-444E-A46C-28A3F5474310}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{374559C7-AFD5-4007-9CB4-867BB2B962BB}" = dir=out | name=@{12199asparion.asparionclock_1.2.1.2_neutral__f89vgcf3qm37t?ms-resource://12199asparion.asparionclock/resources/spackagename} | 
"{3775F0A9-C323-49AE-B4A0-40FF9F309A70}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{3D0A7328-02B5-48F5-9A66-D00DA45B7C6A}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{3E1D404E-9AFF-4D61-961D-8458C5D40BAA}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{45CDF887-DA78-491E-B319-21AEF8FF0C25}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{59CD9BB3-26F6-48DA-B367-844AFC23316C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5A52ACE0-4623-46A4-AD35-D4091B3D951D}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{5B89779E-5C76-4990-941B-FDA339A40C05}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{602FE96D-88C5-4E71-9532-A7D144D6A9AD}" = dir=in | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{621FF109-142E-43AF-B226-B9976019C363}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{63C90F75-1F47-4C4D-819B-795570A9598A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{694960C3-0C9D-41CF-9872-10F8965215A7}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{785A8A62-C74E-4283-BA05-D4CCA81355DD}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{7A54B804-16BC-4D63-A5E7-6B1FC56945B2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{800BA7A6-DBA5-4537-B1E4-B94EEC7E53D2}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{80F0564C-0396-445B-9C39-084923FFFCF3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{81A4C0E2-8B61-4C04-AFC5-A893500529D4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{81A7189F-76C6-4665-B0F2-EBD8D4E30F35}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{854AF452-8E1C-4AC0-ADE4-744CF1F450C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8573F67B-5F90-4149-993F-3942FBA753E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B52DB27-F320-4152-8F56-947BEC5CF7F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{8BB6F0BD-8ACC-434E-802C-B4EAD0C990D4}" = dir=out | name=windows_ie_ac_001 | 
"{8E054E59-8D34-44C3-A264-78AC083EB1C8}" = dir=out | name=ebay | 
"{924A8D0F-A432-4384-AB2E-581BC6075D86}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{982D405B-BF58-4456-ABD3-B951AE3C90ED}" = dir=in | name=ebay | 
"{9F4385C0-D81E-4329-92D4-8605FE07A0F6}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{A3E52648-4E3A-4739-97A7-713B8361450A}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{A6D153BB-DBB1-4106-AD7E-0A03DC639DD6}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{ABD0CDAC-6BD4-4BC7-884C-904DF432D369}" = dir=out | name=tv-programm | 
"{B3584550-6D58-4A09-9FE4-FF4B47EB280E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{BB31D6A1-F99C-40A0-B24E-7340FC12C186}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BD6FC888-8EF8-4220-957F-2F302AA19A64}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{C342DABE-14F7-4750-9966-72EB7A67CBE8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C34758E9-CA40-471A-AE15-524978DA2BFB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{CC5403A9-5B72-47BC-BFC7-6566FFAE6957}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D127629B-C018-4519-AC86-D93240019697}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D1FFF9D4-EF19-4F2A-8ABF-AB26B421F12E}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D5499C22-29FF-4014-B78A-23BE51B556B9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{E2148486-5B64-43BC-B2B3-E033FFEDE037}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E70B7298-66C2-4A30-9261-154B818F556D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E83334DA-1547-4625-9F23-54245B3C418F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA7013F2-7794-454A-8650-6F5F76E0CC6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EB5123BC-89C5-426A-A1E0-88959523969D}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{EE7DE5B6-C7BC-4C35-8F69-A2E8A659F70B}" = dir=out | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F6AD91ED-4390-4AD5-AB99-4A4F262EE408}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FC4A21D5-3BE7-47B3-98E0-6C1B7E06E7E1}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Mozilla Firefox 19.0.1 (x86 de)" = Mozilla Firefox 19.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 08:48:48 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:48:55 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 28.02.2013 08:49:31 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:40 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:52 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:59 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 28.02.2013 09:51:25 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 09:51:29 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 09:59:22 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2013 00:32:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti und Sascha\Downloads
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
991,36 Mb Total Physical Memory | 360,84 Mb Available Physical Memory | 36,40% Memory free
1,97 Gb Paging File | 1,22 Gb Available in Paging File | 61,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 134,39 Gb Total Space | 109,45 Gb Free Space | 81,44% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 9,63 Gb Free Space | 65,75% Space Free | Partition Type: FAT32
 
Computer Name: BENUTZER-1E85C7 | User Name: Netti und Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1268742127-2972897127-2360540471-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D8AFDBC-B51D-4582-9420-D9BAD5227F0C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29E3690C-0253-4E31-850B-7177538B2DEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3609C5E7-07E8-4614-A6E0-DA96D9B82C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36518C8A-A4F4-477F-B5EE-7AAD4CD43783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{411A6BEB-E366-480F-9595-500002C8171E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4E91F92F-8178-4256-AFB9-3F8648F03177}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66F81AB2-F688-42E0-9731-D19B41F188B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{69A14DF7-AC5D-423E-B684-606ABC41F3D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D8D90DF-3236-4F19-8493-4455949950BC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AEBEBFA4-3F49-4294-90A2-C897CEC75EE6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B05DE7BF-7515-4194-BDDD-4E6E3F4ECA27}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5419471-C2B6-4B05-96F7-42D815D66443}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E558A76B-A238-4BC9-B8D3-8715CF6F6777}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EDD8A559-877A-4F11-A0C2-E4246C1CB0EB}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04526CE7-FDF2-4411-95AA-6CF81A4A6F7A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0F13A4B9-3DE5-4AE5-906B-2FDD3C2F58A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{12A1C238-8085-4DE1-9921-72C7C6218EDF}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{13D9AB03-F6AC-4BA9-9F51-FD6A0C0B7ED0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{17BE39A2-88D1-4E37-9A9F-606F49FBA531}" = dir=out | name=@{microsoft.bing_1.5.1.259_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{2B9CE5BA-87A7-4E4F-BDC1-5838A34FC915}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{35F9134A-0D13-493A-8657-58638B002555}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{36F50309-9B9F-444E-A46C-28A3F5474310}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{374559C7-AFD5-4007-9CB4-867BB2B962BB}" = dir=out | name=@{12199asparion.asparionclock_1.2.1.2_neutral__f89vgcf3qm37t?ms-resource://12199asparion.asparionclock/resources/spackagename} | 
"{3775F0A9-C323-49AE-B4A0-40FF9F309A70}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{3D0A7328-02B5-48F5-9A66-D00DA45B7C6A}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{3E1D404E-9AFF-4D61-961D-8458C5D40BAA}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{45CDF887-DA78-491E-B319-21AEF8FF0C25}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{59CD9BB3-26F6-48DA-B367-844AFC23316C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5A52ACE0-4623-46A4-AD35-D4091B3D951D}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{5B89779E-5C76-4990-941B-FDA339A40C05}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{602FE96D-88C5-4E71-9532-A7D144D6A9AD}" = dir=in | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{621FF109-142E-43AF-B226-B9976019C363}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{63C90F75-1F47-4C4D-819B-795570A9598A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{694960C3-0C9D-41CF-9872-10F8965215A7}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{785A8A62-C74E-4283-BA05-D4CCA81355DD}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{7A54B804-16BC-4D63-A5E7-6B1FC56945B2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{800BA7A6-DBA5-4537-B1E4-B94EEC7E53D2}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{80F0564C-0396-445B-9C39-084923FFFCF3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{81A4C0E2-8B61-4C04-AFC5-A893500529D4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{81A7189F-76C6-4665-B0F2-EBD8D4E30F35}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{854AF452-8E1C-4AC0-ADE4-744CF1F450C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8573F67B-5F90-4149-993F-3942FBA753E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B52DB27-F320-4152-8F56-947BEC5CF7F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{8BB6F0BD-8ACC-434E-802C-B4EAD0C990D4}" = dir=out | name=windows_ie_ac_001 | 
"{8E054E59-8D34-44C3-A264-78AC083EB1C8}" = dir=out | name=ebay | 
"{924A8D0F-A432-4384-AB2E-581BC6075D86}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{982D405B-BF58-4456-ABD3-B951AE3C90ED}" = dir=in | name=ebay | 
"{9F4385C0-D81E-4329-92D4-8605FE07A0F6}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{A3E52648-4E3A-4739-97A7-713B8361450A}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{A6D153BB-DBB1-4106-AD7E-0A03DC639DD6}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{ABD0CDAC-6BD4-4BC7-884C-904DF432D369}" = dir=out | name=tv-programm | 
"{B3584550-6D58-4A09-9FE4-FF4B47EB280E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{BB31D6A1-F99C-40A0-B24E-7340FC12C186}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BD6FC888-8EF8-4220-957F-2F302AA19A64}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{C342DABE-14F7-4750-9966-72EB7A67CBE8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C34758E9-CA40-471A-AE15-524978DA2BFB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{CC5403A9-5B72-47BC-BFC7-6566FFAE6957}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D127629B-C018-4519-AC86-D93240019697}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D1FFF9D4-EF19-4F2A-8ABF-AB26B421F12E}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D5499C22-29FF-4014-B78A-23BE51B556B9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{E2148486-5B64-43BC-B2B3-E033FFEDE037}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E70B7298-66C2-4A30-9261-154B818F556D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E83334DA-1547-4625-9F23-54245B3C418F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA7013F2-7794-454A-8650-6F5F76E0CC6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EB5123BC-89C5-426A-A1E0-88959523969D}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{EE7DE5B6-C7BC-4C35-8F69-A2E8A659F70B}" = dir=out | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F6AD91ED-4390-4AD5-AB99-4A4F262EE408}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FC4A21D5-3BE7-47B3-98E0-6C1B7E06E7E1}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Mozilla Firefox 19.0.1 (x86 de)" = Mozilla Firefox 19.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 08:48:48 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:48:55 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 28.02.2013 08:49:31 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:40 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:52 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 08:49:59 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 28.02.2013 09:51:25 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 09:51:29 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 09:59:22 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 28.02.2013 10:26:41 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
[ System Events ]
Error - 02.03.2013 15:55:57 | Computer Name = benutzer-1e85c7 | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 02.03.2013 15:56:24 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602
 (Definition 1.145.920.0)
 
Error - 05.03.2013 15:46:09 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602
 (Definition 1.145.1089.0)
 
Error - 05.03.2013 17:51:29 | Computer Name = benutzer-1e85c7 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2013 um 22:36:04 unerwartet heruntergefahren.
 
Error - 05.03.2013 17:51:33 | Computer Name = BENUTZER-1E85C7 | Source = BugCheck | ID = 1001
Description = 
 
Error - 05.03.2013 17:53:35 | Computer Name = benutzer-1e85c7 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht
 richtig gestartet.
 
Error - 05.03.2013 17:53:36 | Computer Name = benutzer-1e85c7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1070
 
Error - 05.03.2013 17:57:01 | Computer Name = benutzer-1e85c7 | Source = DCOM | ID = 10010
Description = 
 
Error - 05.03.2013 17:57:01 | Computer Name = benutzer-1e85c7 | Source = DCOM | ID = 10010
Description = 
 
Error - 06.03.2013 15:00:54 | Computer Name = benutzer-1e85c7 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602
 (Definition 1.145.1191.0)
 
 
< End of report >

Sorry, hat was länger gedauert... Frauen und Technik

cosinus · 07.03.2013, 09:12

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Bubus · 07.03.2013, 15:12

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-07 15:04:56
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\NETTIU~1\AppData\Local\Temp\fgliipod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwReplacePartitionUnit + 2AC1                                                                                                81D9BA39 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                    81DA043A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device          \Driver\BTHUSB \Device\00000044                                                                                                           bthport.sys
Device          \Driver\BTHUSB \Device\00000046                                                                                                           bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                  fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                  fltmgr.sys

---- Threads - GMER 2.1 ----

Thread          System [4:208]                                                                                                                            82560DE6
---- Processes - GMER 2.1 ----

Library         C:\Users\Netti und Sascha\Downloads\gmer_2.1.19155.exe (*** hidden *** ) @ C:\Users\Netti und Sascha\Downloads\gmer_2.1.19155.exe [1292]  0x00400000                                                                                                                                           

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                         1177568582
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243ed37ef                                                               

---- EOF - GMER 2.1 ----

Hallöchen, ich hoffe damit kannst du etwas anfangen...Ich verstehe da nur Bahnhof. Werde jetzt Malwarebytes herunterladen und starten...

Code:

ATTFilter

07.03.2013 16:33:49
mbar-log-2013-03-07 (16-33-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 25131
Time elapsed: 12 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312570297_user.mbam (Forged physical sector) -> Delete on reboot.

(end)

07.03.2013, 00:03	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verdächtige E-Mail mit Zip-Datei geöffnet Hallo und Spam-Mails und andere verdächtige Mails bitte an Markus schicken siehe markusg - trojaner-board.de Hast du nur die Mail geöffnet oder auch die ZIP-Datei? Wenn ZIP, hast du die ausführbare Datei darin gestartet per Doppelklick? __________________ __________________

07.03.2013, 00:15	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verdächtige E-Mail mit Zip-Datei geöffnet Ja ZIP geöffnet und weiter? Eine ZIP allein ist nicht ausführbar, nur durch das Öffnen bzw. Auflisten was in der ZIP-Datei enthalten ist wird so noch kein Schadcode ausgeführt. Hast du die Datei, die in der ZIP war auch geöffnet per Doppelklick? __________________ Logfiles bitte immer in CODE-Tags posten

Verdächtige E-Mail mit Zip-Datei geöffnet

Plagegeister aller Art und deren Bekämpfung: Verdächtige E-Mail mit Zip-Datei geöffnet