
Log analysis and evaluation: IBUpdaterService (PUP. InstallBrain) and InstallMate Backdoor.Agent custom.dll

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

25.02.2013, 12:19   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log
__________________
Please always post log files in CODE tags

02.03.2013, 15:28   #17
Dread
 



Here is the new OTL log; unfortunately I have been too busy lately.

Code:
OTL logfile created on: 02.03.2013 14:08:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free
15,99 Gb Paging File | 14,16 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 16,37 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 277,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 370,01 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 667,54 Gb Free Space | 71,68% Space Free | Partition Type: FAT32
 
Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cxbu1x64) -- C:\Windows\SysNative\drivers\cxbu1x64.sys ( )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C5 52 83 01 F5 CD 01  [binary data]
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes,DefaultScope = {E8C3C50B-B838-4C25-820F-ADDF852A4BC2}
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes\{E8C3C50B-B838-4C25-820F-ADDF852A4BC2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.28 21:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 13:29:29 | 000,000,000 | ---D | M]
 
[2013.01.03 16:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013.02.14 20:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\u2ectj6f.default\extensions
[2013.02.14 20:14:10 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\u2ectj6f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.03 14:18:07 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\u2ectj6f.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.02.14 20:14:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\u2ectj6f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 21:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.28 21:29:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.02.28 21:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12C45EE0-2185-43B4-B01C-07A8DA4C6039}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52A1039F-A2F3-414F-AB25-30598A17443B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\msc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\olrsubmission.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerdvd8.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scannerfinder.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scanwizard5.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tmmonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\totalmedia.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tvpi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\olrsubmission.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerdvd8.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scannerfinder.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scanwizard5.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tmmonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\totalmedia.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tvpi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SYSTEM\AUTOSTRT.EXE
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell\install1\command - "" = D:\system\setup32\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 21:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.28 01:30:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 01:30:10 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 01:30:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 01:30:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 01:30:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 01:30:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 01:30:05 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 01:30:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 01:30:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 01:30:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 01:30:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 01:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 01:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 01:30:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 01:30:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 01:30:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 01:30:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 01:30:04 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 01:30:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 01:30:04 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 01:30:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 01:30:04 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 01:30:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 01:30:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 01:30:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 01:30:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 01:30:03 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 01:30:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 01:30:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 01:30:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 01:30:03 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.26 09:40:04 | 026,365,893 | ---- | C] (Macrovision Corporation) -- C:\Users\*\Documents\TourExplorer25Deutschland5080.exe
[2013.02.24 23:24:56 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\*\Desktop\JRT(1).exe
[2013.02.24 22:24:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.24 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013.02.24 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Apps
[2013.02.24 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\e-academy Inc
[2013.02.24 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\e-academy Inc
[2013.02.23 14:56:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2013.02.22 17:40:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\CD-LabelPrint
[2013.02.22 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2013.02.22 17:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD-LabelPrint
[2013.02.22 15:33:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.22 15:32:18 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.21 17:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.02.21 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.02.21 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Anti-Malware
[2013.02.21 16:12:49 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2013.02.21 16:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 16:12:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.21 16:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.20 13:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.20 12:42:24 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.20 12:42:19 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.20 12:42:19 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.20 12:42:19 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.20 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.20 12:40:36 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.20 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.20 12:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.20 12:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.02.13 13:26:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 13:26:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 13:26:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 13:26:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 13:26:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 13:26:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 13:26:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 13:26:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 13:26:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 13:26:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 13:26:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 13:26:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 13:26:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 13:26:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 13:26:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 09:58:21 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 09:58:21 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 09:58:20 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 09:58:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 09:58:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 09:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 09:58:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 09:58:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 09:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 09:58:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.05 00:13:08 | 000,507,392 | ---- | C] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.02.04 23:48:33 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\ArcSoft ToGo
[2013.02.03 00:38:54 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Program Settings
[2013.02.03 00:35:40 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.008
[2013.02.03 00:35:39 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2013.02.03 00:35:39 | 000,614,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2013.02.03 00:35:39 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007
[2013.02.03 00:35:39 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2013.02.03 00:35:39 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2013.02.03 00:35:39 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2013.02.03 00:35:39 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2013.02.03 00:35:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006
[2013.02.03 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GUC
[2013.01.31 17:21:36 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 14:13:29 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.02 14:13:29 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.02 14:13:29 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.02 14:13:29 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.02 14:13:29 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.02 14:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 02:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.02 00:27:51 | 000,998,250 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.03.02 00:27:51 | 000,052,701 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.03.01 22:29:45 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 22:29:45 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 11:59:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 11:59:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.26 14:40:49 | 000,000,035 | ---- | M] () -- C:\Windows\Ulead32.INI
[2013.02.26 09:40:32 | 026,365,893 | ---- | M] (Macrovision Corporation) -- C:\Users\*\Documents\TourExplorer25Deutschland5080.exe
[2013.02.24 23:25:00 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\*\Desktop\JRT(1).exe
[2013.02.24 13:09:44 | 000,003,153 | ---- | M] () -- C:\Users\*\Desktop\Secure Download Manager.lnk
[2013.02.23 14:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2013.02.21 16:12:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 12:42:16 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.20 12:42:16 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.20 12:42:16 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.20 12:42:16 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.20 12:42:16 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.20 12:42:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.13 15:21:59 | 000,455,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 12:34:17 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk
[2013.02.05 00:15:01 | 000,001,996 | -H-- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
[2013.02.05 00:15:01 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia 3.lnk
[2013.02.05 00:13:08 | 000,507,392 | ---- | M] (ITETech                  ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.02.05 00:13:08 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.02.05 00:13:08 | 000,000,245 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.02.03 00:38:17 | 000,000,008 | ---- | M] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2013.02.03 00:36:27 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\FINView.Lnk
[2013.01.31 17:21:36 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll
[2013.01.31 17:21:36 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll
[2013.01.31 17:21:34 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll
[2013.01.31 17:21:32 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool110.dll
[2013.01.31 17:21:32 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll
[2013.01.31 17:21:28 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll
[2013.01.31 17:21:22 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll
[2013.01.31 17:21:18 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll
[2013.01.31 17:21:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.24 13:09:44 | 000,003,153 | ---- | C] () -- C:\Users\*\Desktop\Secure Download Manager.lnk
[2013.02.21 16:12:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 00:38:17 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2013.02.03 00:36:27 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\FINView.Lnk
[2013.02.03 00:35:55 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\Unwise32.exe
[2013.01.07 18:36:53 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.06 20:57:05 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2013.01.06 20:57:05 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2013.01.06 20:57:04 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013.01.06 19:11:32 | 000,001,439 | ---- | C] () -- C:\Windows\ctnkr16.ini
[2013.01.06 19:01:53 | 000,000,033 | ---- | C] () -- C:\Users\*\.STICK_TYP_VOREINSTELLUNG
[2013.01.05 16:41:45 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 15:56:26 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2013.01.04 15:55:58 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2013.01.04 15:55:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2013.01.04 15:01:56 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.04 15:01:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2013.01.03 23:50:40 | 000,998,250 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.01.03 18:08:03 | 000,340,021 | ---- | C] () -- C:\Windows\SysWow64\jpeg.dll
[2013.01.03 16:25:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.03 16:25:11 | 000,023,953 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2010.05.05 11:25:54 | 000,089,816 | ---- | C] () -- C:\Users\*\AppData\Roaming\Elster-Bar.bmp
[2009.06.15 14:39:34 | 000,324,137 | ---- | C] () -- C:\Users\*\AppData\Roaming\elster_1001.jpg
[2009.06.15 14:39:34 | 000,275,898 | ---- | C] () -- C:\Users\*\AppData\Roaming\Bitmapwhite.bmp
[2009.06.15 14:39:34 | 000,174,680 | ---- | C] () -- C:\Users\*\AppData\Roaming\ELSTER.bmp
[2009.06.15 14:39:34 | 000,174,678 | ---- | C] () -- C:\Users\*\AppData\Roaming\ELSTER.orig.bmp
[2009.06.15 14:39:34 | 000,127,002 | ---- | C] () -- C:\Users\*\AppData\Roaming\offen0.jpg
[2009.06.15 14:39:34 | 000,109,477 | ---- | C] () -- C:\Users\*\AppData\Roaming\Nutzungsbedingungen GuDMW SW deutsch.rtf
[2009.06.15 14:39:34 | 000,009,352 | ---- | C] () -- C:\Users\*\AppData\Roaming\ST-GuDStarSignUSBTokenfuerELSTER.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.03 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Acronis
[2013.01.15 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Bildverkleinerer
[2013.01.06 18:52:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Canon
[2013.02.22 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CD-LabelPrint
[2013.01.06 20:57:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\concept design
[2013.01.07 16:11:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon
[2013.01.09 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2013.02.24 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\e-academy Inc
[2013.01.06 17:52:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\elsterformular
[2013.01.03 19:56:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\F02DCCDF-A8D1-4DC4-9FCF-293DCEFC50D0
[2013.01.07 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Geogrid
[2013.01.04 00:54:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\JAM Software
[2013.01.24 14:39:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Lexware
[2013.01.24 21:15:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MagicMaps
[2013.01.07 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OCS
[2013.01.06 13:51:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ortwin
[2013.01.03 18:42:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2013.01.09 12:03:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\topowin
[2013.01.07 16:16:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2013.01.06 20:49:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 

< End of report >
         
And the OTL Extras log

Code:
OTL Extras logfile created on: 02.03.2013 14:08:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manfred\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free
15,99 Gb Paging File | 14,16 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 16,37 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 277,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 370,01 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 667,54 Gb Free Space | 71,68% Space Free | Partition Type: FAT32
 
Computer Name: MANFRED-PC | User Name: Manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D58F60E-64B1-4DE3-938F-8CFEF3F8A9D1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0DFFEBEA-D59E-46D6-93BA-4543E438185C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{236E636D-634D-4ACC-B2F4-008BEB42384D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{248E7503-2617-4B06-9533-E513777D855D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2648D60E-CF0E-4F74-8175-CBE3D9D49D16}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C0E6C17-5B8E-4FA6-96A7-08569027E922}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{437E7964-08D8-463D-94D3-124FEE1062FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55F55497-9DEC-4E42-8693-A82523A6DFA4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6577FC11-16F4-4E95-8EB8-288EA75F2BF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7C54D9CB-A370-4087-B451-1677A1C8EEB1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9B55B983-A250-41BE-89E0-A0761F5DDAE4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A04A64FD-F2C6-4BE5-9EFF-99E6709C0717}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A1CEBDE9-FA0B-4E33-A043-E48FDFB0EB4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4264AA2-5537-455D-A15E-95B4F3B59C06}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B48FB3CF-13EA-4206-A860-FCF2B2FF8B3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C076C70D-20C2-411D-8DE0-ED54EDFB0161}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4240379-363E-4D6C-94DE-B8C428781AC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA33CB19-3B52-498F-A3EB-C7A1254F1FB0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D45EC4C4-9C25-4E7B-94AB-A41C3EA8CA97}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DA0ABE38-A947-4113-8ACE-10932AD9A74F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DCF9999E-6AB4-46C9-A095-6F2EF94A48AC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E44EC7A5-8A3A-4B84-9331-9D1A9F4939D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F21D98EF-1ED5-4868-8125-9FDC555F51F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6F28309-AFAD-4D09-99DD-127A6367EDB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C05856B-5473-4211-886E-1F7EA10E3003}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{153840BE-0684-4955-B4A4-DFC7E163DCB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1632B66B-EC69-45BE-AED9-242BFBCC87D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{220CAD5C-AE79-4E99-9F8E-210905995EF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40607894-C97B-484D-9D92-AD239119195B}" = protocol=6 | dir=out | app=c:\program files (x86)\franzis\onlinetv 8\onlinetvstarter.exe | 
"{45432EB0-EEAA-4598-8702-827F44608FEC}" = protocol=6 | dir=out | app=c:\program files (x86)\franzis\onlinetv 8\onlinetv.exe | 
"{552F3AB5-DFEA-4892-9CB8-9F44D3162374}" = protocol=6 | dir=in | app=c:\program files (x86)\franzis\onlinetv 8\onlinetvstarter.exe | 
"{65BC4DEB-639D-49BD-85C3-C7EF10310E46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6873FA42-0BFE-4BD2-AE55-8D0D424BA61C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{69166BAF-4AF6-4E92-B01F-937C39F80020}" = protocol=6 | dir=out | app=system | 
"{6A3BC930-E8B3-4B3A-AF5C-9E2834A5F466}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A9D993C-97DA-4956-867C-AED24DE382F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D24A1EB-172F-430A-8F8F-853D9E706E2F}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
"{904E9C24-FCBD-4DFD-BC9B-EF8BE30D9A21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9BB3C799-9112-4AD0-8A8B-1D01C111C0C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D168CF4-E703-49A2-9B46-5554BF5FE7E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B1E12792-9826-49AD-BBD1-D3450DE40B06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B2255B9D-0B2D-44C3-B17E-E02DA300673E}" = protocol=6 | dir=in | app=c:\program files (x86)\franzis\onlinetv 8\onlinetv.exe | 
"{B5C2454C-DA5B-4390-BF2C-2662314B0B33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B902D6A3-18BE-45E3-9ADE-08837988D637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8AA1BAB-81BF-45E2-BDAD-8BC60AED7CBD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{CD85BC78-8738-4A6A-9498-F10E00AE11D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DCCA4BE7-0B01-4670-8C97-46E9BCECEFC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DCCE66FF-6B16-44F3-A703-481EDA327FEF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E1A7310B-065D-40F3-AB5A-33C6DAA8CAF9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E4F71C49-A487-49F4-B02B-5A98FA287C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
"{E716EACB-14D3-40D1-A8AC-43CF7FA9B386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED036796-5E9B-4C82-B88E-D32796141369}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7FE5E4C-41DD-4D73-B1BD-A55D55A5F96F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FA9DE979-7311-46DC-B857-DFA18857F259}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{939913F9-F134-4E9E-B879-BE6755B69952}" = USB CCID Smartcard Reader - Version 1.2.1.2
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ZonerPhotoStudio13_DE_is1" = Zoner Photo Studio 13
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0CA1C412-6716-40E8-B033-006002E7F7EC}" = MagicMaps Support und Update Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1551D7A5-4BE5-4FE3-A1BA-6E9FCBDF6E33}" = MagicMaps Tour Explorer 25 Deutschland V 5.0
"{1A8C2475-370D-4C94-9B27-A9663C9438C0}" = MagicMaps Tour Explorer 50 Österreich
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = TotalMedia
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für Tevion
"{3D597D61-1631-4CD1-9499-ABD21708B8F2}" = MagicMaps Tour Explorer 50 Österreich 4.0
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{43F29DF0-5C1E-4D72-81FC-95CD84C3520B}" = PC-ASK
"{483E27E3-70C3-43BA-91D1-0BD3AD920288}" = MagicMaps Tour Explorer 50 Österreich 4.0 Daten DVD Topografische Karte  (BEV)
"{4AC3B678-B65C-450A-A2A8-800BA873B30E}" = MagicMaps Schleswig-Holstein Hamburg Mecklenburg-Vorpommern 5.0
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{69742A9A-B7C4-433B-98B2-53D597598793}_is1" = Inpaint 3 Installation & Registrierung
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{6EE91F56-EEF6-45B4-AAD6-10E970BCCF62}" = MagicMaps Bayern 5.0
"{702B5ACF-7E61-4BFB-A30A-DF131111CCAA}" = MagicMaps Tour Explorer 25 Deutschland V 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8127FAC1-7E14-4A51-B0AF-692FCA16044E}" = MagicMaps Sachsen Thüringen 5.0
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8834D52E-DFBC-4D88-BEE8-EEEB35341F78}" = FINView 3.0 Client
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8E85BB53-A268-403A-9032-BBFEC90A8FD9}" = Top10 Viewer
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A0E56653-AAA4-4A08-B841-022F48D4D437}" = KE 2.04
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF9B8F2B-8401-4E1F-AB22-E481ED20165B}" = FINAdmin
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B85AF345-5EE4-4654-8D07-B725101B1B26}" = MagicMaps Nordrhein-Westfalen 5.0
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C38E8F5B-DD55-4749-820C-63DB19CF6D8A}" = MagicMaps Berlin Brandenburg Sachsen-Anhalt 5.0
"{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1" = Ashampoo Snap 6 v.6.0.3
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1" = FRANZIS onlineTV 8
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CFF94055-F847-499B-AE86-B63C2E2FF9BD}" = MagicMaps Niedersachsen Bremen 5.0
"{DA2D304B-5791-4D2B-93B6-514A5DC67E47}" = MagicMaps Tour Explorer 50 Österreich 4.0 Daten DVD Rad- und Wanderkarte Freytag und Berndt
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E43A86CF-CBC4-40EA-A60A-1B12A1F11B30}" = PC-ASK
"{EA68992B-273F-4692-B24E-FDE423760A2B}" = Geogrid®-Viewer
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6B0EF38-9508-467B-8660-5A8242420459}" = MagicMaps Baden-Württemberg 5.0
"{FBD7863F-06FE-4C9A-A72C-DC19D9BFDD1A}" = MagicMaps Hessen Rheinland-Pfalz Saarland 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Der grandiose Bildverkleinerer" = Der grandiose Bildverkleinerer 1.7b
"DPP" = Canon Utilities Digital Photo Professional 3.9
"ElsterFormular" = ElsterFormular
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MapObjects 2.1 Runtime" = ESRI MapObjects 2 Runtime
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"ORTWIN_is1" = ORTWIN
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoZoom Pro 4" = BenVista PhotoZoom Pro 4.1.4
"QuoVadis 6_is1" = QuoVadis 6
"QuoVadis Ortsdatenbank Welt_is1" = QuoVadis Ortsdatenbank Welt
"TOPOWIN_is1" = TOPOWIN
"Touratech QV 4_is1" = Touratech QV 4
"TreeSize Free_is1" = TreeSize Free V2.7
"TTQV Navteq-Maps 2009Q4_is1" = TTQV Navteq-Maps 2009Q4
"TTQV5 Bonus-Maps_is1" = TTQV5 Bonus-Maps
"TTQV5 DEM Srtm30_is1" = TTQV5 DEM Srtm30
"TTQV5 Ortsdatenbank Welt_is1" = TTQV5 Ortsdatenbank Welt
"TTQV5-Map Weltatlas 4Mio_is1" = TTQV5-Map Weltatlas 4Mio
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2013 19:09:36 | Computer Name = Manfred-PC | Source = Application Hang | ID = 1002
Description = Programm WINZIP32.EXE, Version 25.0.8708.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1888    Startzeit:
 01ce12e3fe5e2cc5    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\WinZip\WINZIP32.EXE

Berichts-ID:
 40541204-7ed7-11e2-9771-08002700b09c  
 
Error - 01.03.2013 04:56:04 | Computer Name = Manfred-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manfred\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.03.2013 17:59:14 | Computer Name = Manfred-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Manfred\downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 26.02.2013 14:05:40 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.02.2013 03:46:56 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 27.02.2013 03:47:19 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.02.2013 05:07:24 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 01.03.2013 04:41:45 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 01.03.2013 04:42:08 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 01.03.2013 11:32:40 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 01.03.2013 17:22:29 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
Error - 01.03.2013 17:22:53 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 02.03.2013 09:06:50 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description = 
 
 
< End of report >
         


03.03.2013, 17:48   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

03.03.2013, 19:02   #19
Dread



Gmer

Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-03 18:21:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 Samsung_SSD_840_Series rev.DXT07B0Q 111,79GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\*AppData\Local\Temp\kwliifob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2316] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                 0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2316] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69        0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2832] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155       00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000749114bb 2 bytes [91, 74]
.text  ...                                                                                                                                        * 2

---- EOF - GMER 2.1 ----
         


MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
 [administrator]

03.03.2013 18:36:24
mbar-log-2013-03-03 (18-36-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29519
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

03.03.2013, 20:45   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

__________________
Please always post log files in CODE tags

04.03.2013, 23:14   #21
Dread



The Avast tool hung twice. Should I keep trying?

TDSS Killer: see attachment. Thanks again for your efforts.

05.03.2013, 10:42   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________
Please always post log files in CODE tags

05.03.2013, 22:10   #23
Dread



aswMBR Log

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-05 22:08:22
-----------------------------
22:08:22.464    OS Version: Windows x64 6.1.7601 Service Pack 1
22:08:22.464    Number of processors: 4 586 0x170A
22:08:22.464    ComputerName: *-PC  UserName: *
22:08:24.087    Initialize success
22:08:32.557    AVAST engine defs: 13030400
22:09:24.194    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
22:09:24.209    Disk 0 Vendor: Samsung_SSD_840_Series DXT07B0Q Size: 114473MB BusType: 11
22:09:24.209    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
22:09:24.209    Disk 1 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 11
22:09:24.209    Disk 0 MBR read successfully
22:09:24.225    Disk 0 MBR scan
22:09:24.225    Disk 0 Windows 7 default MBR code
22:09:24.225    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:09:24.240    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
22:09:24.256    Disk 0 scanning C:\Windows\system32\drivers
22:09:29.170    Service scanning
22:09:41.915    Modules scanning
22:09:41.915    Disk 0 trace - called modules:
22:09:41.915    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
22:09:41.931    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007254060]
22:09:41.931    3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa800716ce10]
22:09:41.931    5 vsflt67.sys[fffff88000fbe7cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8007058060]
22:09:41.946    Scan finished successfully
22:09:48.623    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
22:09:48.639    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
         

06.03.2013, 11:54   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before that, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


07.03.2013, 16:59   #25
Dread

MWB Quick

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
* :: *-PC [Administrator]

Schutz: Aktiviert

06.03.2013 21:46:38
mbam-log-2013-03-06 (21-46-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227837
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d8789d57a5235643830651b6d6a2e47b
# engine=13317
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-06 10:44:40
# local_time=2013-03-06 11:44:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 11703 114239730 0 0
# scanned=207826
# found=0
# cleaned=0
# scan_time=6761
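
Added example (not part of the original thread, and not ESET's code): the `# key=value` lines of an ESET Online Scanner log like the one above can be parsed and compared with the scan options the instructions asked for before a `found=0` result is relied on. It assumes that `unwanted_checked` records the "potentially unwanted applications" option; the sample log is constructed from the lines shown above, and `REQUIRED`, `parse_eset_log` and `review_scan` are names chosen here.

```python
import re

# Constructed sample in the "# key=value" shape of the ESET log above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=207826
# found=0
# cleaned=0
# scan_time=6761
"""

# Assumption: unwanted_checked records the "potentially unwanted
# applications" option the instructions ask the user to enable.
REQUIRED = {"end": "finished", "unwanted_checked": "true"}


def parse_eset_log(text):
    """Collect '# key=value' fields; later lines override earlier ones."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([A-Za-z_.]+)=(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields


def review_scan(fields):
    """Return reasons not to take the scan result at face value."""
    issues = [f"{k}={fields.get(k)!r}, expected {want!r}"
              for k, want in REQUIRED.items() if fields.get(k) != want]
    counts = {k: fields.get(k, "") for k in ("scanned", "found", "cleaned")}
    bad = [k for k, v in counts.items() if not v.isdigit()]
    issues += [f"{k} missing or not numeric" for k in bad]
    if not bad and int(counts["found"]) > int(counts["cleaned"]):
        issues.append("detections were found but not all cleaned")
    return issues


if __name__ == "__main__":
    for issue in review_scan(parse_eset_log(SAMPLE_LOG)) or ["no issues"]:
        print(issue)
```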
         

07.03.2013, 17:11   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block the pests up front (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?

07.03.2013, 17:24   #27
Dread

That sounds good. As far as I could see, no, but as I said it's not my own PC. If anything else turns up, I'll report it. I'll also take a look at CookieCuller. In any case, thanks again for the help!

08.03.2013, 00:22   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!

The programs used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With OTL you can also remove many other tools: simply start OTL and click "Bereinigung" (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of whether installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change as many passwords as possible after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs / Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You'll find download links here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.