
Log Analysis and Evaluation: Cleaning up a computer after a Trojan infection (IPH.Trojan.Zbot.Rke)

25.02.2013, 21:17   #1
Maik Th

Hello Trojaner-Board pros,

This is so stupid...

I received an e-mail with a payment reminder and an attachment... The GMX scanner and Antivir said: _OK, safe_, and the shop it named looked legitimate... Stupidly, I ran the .zip (no password), which apparently failed. My firewall then reported communication by a mucov.exe, which I did not allow. (Win 7)

Unfortunately, only at that point did all the alarm bells ring. Pulled the network cable, stopped mucov.exe in Task Manager and had Antivir scan, with no result. I moved the mucov.exe in question to the Recycle Bin and only restored it today so that Malwarebytes could put it in quarantine:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Schutz: Deaktiviert

25.02.2013 12:11:29
mbam-log-2013-02-25 (12-11-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228089
Laufzeit: 2 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Houka (IPH.Trojan.Zbot.Rke) -> Daten: C:\Users\Ich\AppData\Roaming\Acuq\mucov.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ich\AppData\Roaming\Acuq\mucov.exe (IPH.Trojan.Zbot.Rke) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
After intensive research I found many great tips and help on your site. <- Big compliment to you!!!

After deleting mucov.exe I installed Malwarebytes, which found a Trojan + spyware:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Schutz: Aktiviert

23.02.2013 04:03:56
MBAM-log-2013-02-23 (04-12-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227755
Laufzeit: 4 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Ich\AppData\Local\Temp\ygxlrwmxbr.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ngmndl.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\patchskin.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
In the subsequent full scan, further programs were found (PUP.Joke.Buttons / Application.Joke):
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Schutz: Aktiviert

23.02.2013 04:14:52
mbam-log-2013-02-23 (04-14-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 506071
Laufzeit: 1 Stunde(n), 47 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\1 Fotos\Schrott vorläufig\Bilder\Bilder\Humor\Alcotest.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\1 Fotos\Schrott vorläufig\Bilder\Bilder\Humor\Sonne1.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\1 Fotos\Schrott vorläufig\Bilder\Humor\Sonne1.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\1 Fotos\Schrott vorläufig\Bilder 01\Humor\Sonne1.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122489.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122498.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122528.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122537.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122555.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122564.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122593.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{51757D3E-579F-4AED-A114-C3A6664FE005}\RP942\A0122602.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Then I had two anti-rootkit programs search, with no result. (Avira AntiVir Anti-Rootkit and the Kaspersky TDSS rootkit removal tool)

Then went back online, updated both virus scanners and ran a full scan with no result.

Today I started the computer again, and again the firewall reported an .exe -> Malwarebytes scan -> 2 hits:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Schutz: Deaktiviert

25.02.2013 10:09:49
mbam-log-2013-02-25 (10-09-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228547
Laufzeit: 3 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe (Trojan.Agent.MU) -> 2148 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Daazyn (Trojan.Agent.MU) -> Daten: C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe (Trojan.Agent.MU) -> Löschen bei Neustart.
C:\Users\Ich\AppData\Local\Temp\tmpfe3b2431\win64-update.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
By now I have 20 objects in Malwarebytes quarantine, and I also still have the original .zip with the e-mail, in case that is of interest. No files appear to be encrypted either.

I am completely at a loss as to how to get out of this.

Heeelp!

Maik

PS: Can the malware that was found also spread via USB sticks? -> second computer
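
The Malwarebytes logs in this post show the pattern a helper reads off by hand: a Run value under HKCU pointing at a freshly named executable in AppData\Roaming, the same file detected again as a running process, and entries MBAM could only schedule for deletion on reboot ("Löschen bei Neustart"). The following Python is an added example, not code from the thread or from Malwarebytes. It parses the German-localized MBAM 1.70 log lines exactly as posted, pairs every Run value with its target file and that file's own detection, and lists what is still pending. The sample input is a combined excerpt of the logs above (constructed for the example); the AppData\Roaming path check is my own heuristic drawn from the two paths in this thread, not a vendor signature.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: excerpts of the Malwarebytes 1.70 logs posted above,
# in the German-localized format the tool writes (one detection per line,
# sections introduced by "Infizierte <Kategorie>: <Anzahl>").
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 1
C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe (Trojan.Agent.MU) -> 2148 -> Löschen bei Neustart.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Houka (IPH.Trojan.Zbot.Rke) -> Daten: C:\Users\Ich\AppData\Roaming\Acuq\mucov.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Daazyn (Trojan.Agent.MU) -> Daten: C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\Ich\AppData\Roaming\Acuq\mucov.exe (IPH.Trojan.Zbot.Rke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ich\AppData\Roaming\Yphyry\ocgu.exe (Trojan.Agent.MU) -> Löschen bei Neustart.
C:\Users\Ich\AppData\Local\Temp\tmpfe3b2431\win64-update.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ngmndl.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\1 Fotos\Schrott vorläufig\Bilder\Humor\Sonne1.exe (PUP.Joke.Buttons) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

SECTION_RE = re.compile(r"^Infizierte (?P<kind>.+?): (?P<count>\d+)$")
# "<object> (<detection name>) -> [detail -> ...] <action>."
# The object itself may contain parentheses ("Program Files (x86)"), so the
# greedy object match leaves the *last* "(...) -> " group as the detection name.
DETECTION_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
PENDING = "Löschen bei Neustart"          # MBAM: delete on reboot, i.e. not yet removed
# Heuristic (assumption from the two paths in this thread): short random
# alphabetic folder and file names directly under %AppData%\Roaming.
ZBOT_DROP_RE = re.compile(r"(?i)\\AppData\\Roaming\\[a-z]{3,8}\\[a-z]{3,8}\.exe$")


@dataclass
class Detection:
    section: str         # "Speicherprozesse", "Registrierungswerte", "Dateien", ...
    obj: str             # registry value (Hive\Key|Value), process or file path
    name: str            # detection name, e.g. IPH.Trojan.Zbot.Rke
    action: str          # last "-> ..." element, e.g. "Löschen bei Neustart."
    data: Optional[str]  # for Run values: the program the value points to ("Daten: ...")


def parse_mbam_log(text: str) -> list[Detection]:
    """Turn the detection lines of an MBAM 1.x log into Detection records."""
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("(Keine"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("kind")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            parts = [p.strip() for p in m.group("rest").split("->")]
            data = next((p[len("Daten: "):] for p in parts if p.startswith("Daten: ")), None)
            found.append(Detection(section, m.group("obj"), m.group("name"), parts[-1], data))
    return found


def declared_vs_parsed(text: str) -> dict[str, tuple[int, int]]:
    """Per section: (count the header declares, detections actually parsed).
    A mismatch means a line was not understood and must be read by hand."""
    headers = (SECTION_RE.match(l.strip()) for l in text.splitlines())
    declared = {m.group("kind"): int(m.group("count")) for m in headers if m}
    parsed: dict[str, int] = {}
    for d in parse_mbam_log(text):
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {k: (v, parsed.get(k, 0)) for k, v in declared.items()}


def pending_reboot(dets: list[Detection]) -> list[Detection]:
    """Objects MBAM could only schedule for deletion: still on disk or in memory."""
    return [d for d in dets if d.action.startswith(PENDING)]


def looks_like_zbot_drop(path: str) -> bool:
    """Heuristic path check (assumption, see ZBOT_DROP_RE), not a signature."""
    return bool(ZBOT_DROP_RE.search(path))


def persistence_chains(dets: list[Detection]) -> list[dict]:
    """Link each Run-key value to its target file and the file's own detection,
    so the persistence mechanism and its payload are reviewed together."""
    files = {d.obj.lower(): d for d in dets if d.section in ("Dateien", "Speicherprozesse")}
    chains = []
    for d in dets:
        if d.section != "Registrierungswerte" or not d.data:
            continue
        target = files.get(d.data.lower())
        chains.append({
            "run_value": d.obj,
            "target": d.data,
            "target_detected": target is not None,
            "target_pending_reboot": bool(target and target.action.startswith(PENDING)),
            "zbot_like_path": looks_like_zbot_drop(d.data),
        })
    return chains


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for kind, (want, got) in declared_vs_parsed(SAMPLE_LOG).items():
        print(f"{kind}: declared {want}, parsed {got}")
    for chain in persistence_chains(dets):
        print(chain)
    for d in pending_reboot(dets):
        print("still present until reboot:", d.obj)
```

Two things the script makes explicit that a quick look at the logs does not: the Daazyn Run value was removed while its target ocgu.exe was still running and only queued for deletion, so the machine was not clean when that scan finished; and both Run targets sit in the same kind of randomly named AppData\Roaming folder, which is why a helper treats them as one infection rather than two unrelated hits.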

26.02.2013, 10:41   #2
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way.

Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can mean a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no cross-posting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you are asked to).
  6. If anything is unclear: ask before you do something "blind"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes evaluating them harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



OTL



Please download OTL by OldTimer and save it to your desktop (if not already there)
  • Double-click OTL.exe
    Vista and Win7 users: right-click "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.




Step 2: aswMBR



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If that still does not work, please let me know.

26.02.2013, 18:39   #3
Maik Th

Hello Marius,

OTL was no problem:
Code:
OTL logfile created on: 26.02.2013 13:44:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,97 Gb Available Physical Memory | 87,33% Memory free
15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 481,29 Gb Free Space | 51,67% Space Free | Partition Type: NTFS
Drive D: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,64% Space Free | Partition Type: FAT32
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C503.tmp (Sophos Plc)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 C9 DA AB 96 D0 CC 01  [binary data]
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{9E677005-0C17-4053-B24D-B5D1D048446E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
 
[2012.01.11 21:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Extensions
[2013.01.10 18:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Firefox\Profiles\udolovn7.default\extensions
[2013.02.20 10:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 10:38:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.29 11:26:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:12:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.29 11:26:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.29 11:26:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.29 11:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.29 11:26:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [brtjzlry] C:\Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe ()
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [oxshjmxw] C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe ()
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61575A0-B03C-4451-926B-C369B4992AB6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.26 13:43:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.25 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Acuq
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Yphyry
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Ifez
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Idrevu
[2013.02.23 23:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.02.23 23:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.02.23 04:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2013.02.23 03:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 03:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 03:58:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 03:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Exhyp
[2013.02.22 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Iggii
[2013.02.22 19:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Lopk
[2013.02.20 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 00:17:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 00:17:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 00:17:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 00:17:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 00:17:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 00:17:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 00:17:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 00:17:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 00:17:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 00:17:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 00:17:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 00:17:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 00:17:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 00:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 00:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:50:12 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:50:12 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:50:11 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:50:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:50:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:50:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:50:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:50:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:50:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:50:03 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.04 12:56:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.04 12:56:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.02.22 20:32:17 | 003,412,912 | ---- | C] (TeamViewer GmbH) -- C:\Program Files (x86)\buhlqs_de.exe
[2012.02.22 20:29:20 | 001,824,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files (x86)\xerces.dll
[2012.02.22 20:29:18 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc2008sp1redist_x86.exe
[2012.02.22 20:29:18 | 001,153,024 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icuuc44.dll
[2012.02.22 20:29:18 | 000,148,992 | ---- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files (x86)\log4cpp.dll
[2012.02.22 20:29:18 | 000,146,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\tmcrypt.dll
[2012.02.22 20:29:15 | 014,930,944 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icudt44.dll
[2012.02.22 20:29:15 | 001,943,040 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericxml.dll
[2012.02.22 20:29:15 | 001,185,280 | ---- | C] (Olaf Stüben) -- C:\Program Files (x86)\fa_xml.dll
[2012.02.22 20:29:15 | 001,025,536 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericutil.dll
[2012.02.22 20:29:14 | 003,172,352 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericprint.dll
[2012.02.22 20:29:14 | 001,544,704 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\erictransfer.dll
[2012.02.22 20:29:14 | 000,978,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericcrypt.dll
[2012.02.22 20:29:14 | 000,331,264 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericplugin.dll
[2012.02.22 20:29:14 | 000,144,896 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericio.dll
[2012.02.22 20:29:13 | 005,016,576 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericbasis.dll
[2012.02.22 20:29:13 | 002,392,064 | ---- | C] (secunet Security Networks AG) -- C:\Program Files (x86)\esigner.dll
[2012.02.22 20:29:13 | 000,864,768 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericapi.dll
[2012.02.22 20:29:13 | 000,256,000 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericanm.dll
[2012.02.22 20:29:12 | 000,738,792 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTDynInt.ocx
[2012.02.22 20:29:12 | 000,024,576 | ---- | C] (keine) -- C:\Program Files (x86)\rsodf.dll
[2012.02.22 20:29:11 | 005,762,024 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTextDLL01.DLL
[2012.02.22 20:29:10 | 000,466,032 | ---- | C] (Buhl Tax Service, Hannover) -- C:\Program Files (x86)\rspatcher.exe
[2012.02.22 20:29:09 | 002,786,416 | ---- | C] (Buhl Tax Service GmbH, Hannover) -- C:\Program Files (x86)\rspatch.exe
[2012.02.22 20:29:03 | 000,237,056 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\ssleay32.dll
[2012.02.22 20:29:02 | 001,153,024 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\libeay32.dll
[2012.02.22 20:29:02 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012.02.22 20:29:02 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012.02.22 20:29:01 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\gdiplus.dll
[2012.02.22 20:28:51 | 001,061,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2011.11.28 12:23:24 | 005,748,816 | ---- | C] (soft Xpansion) -- C:\Program Files (x86)\sx-pdf-lib.dll
[2011.11.28 12:22:36 | 005,233,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\documentformat.openxml.dll
[2010.02.11 12:09:16 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc9SP1KB973552redist_x86.exe
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Ich\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Ich\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\bass.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.26 13:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 13:41:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.26 13:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.26 13:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.26 12:54:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.25 14:35:49 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 14:35:49 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 14:28:00 | 2133,860,351 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 21:05:23 | 000,019,875 | ---- | M] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 03:58:47 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 03:58:47 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 03:58:47 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 03:58:47 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 03:58:16 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 08:03:00 | 000,417,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.09 22:46:19 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 22:46:19 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 12:56:11 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.04 12:56:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.04 12:56:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.01 12:49:17 | 000,263,391 | ---- | M] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
[2013.01.28 21:26:18 | 000,180,248 | ---- | M] () -- C:\Users\Ich\Desktop\Kinderhautarzt.pdf
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.24 21:05:23 | 000,019,875 | ---- | C] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:16 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.01 12:49:17 | 000,263,391 | ---- | C] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
[2013.01.28 21:26:18 | 000,180,248 | ---- | C] () -- C:\Users\Ich\Desktop\Kinderhautarzt.pdf
[2013.01.21 13:54:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.11.28 13:37:01 | 000,000,291 | ---- | C] () -- C:\Users\Ich\AppData\Local\config.ini
[2012.11.28 12:26:08 | 000,000,879 | ---- | C] () -- C:\Users\Ich\AppData\Local\recently-used.xbel
[2012.07.28 09:57:01 | 039,172,817 | ---- | C] () -- C:\Program Files (x86)\ev20120524.rtp
[2012.07.28 09:57:01 | 000,001,966 | ---- | C] () -- C:\Program Files (x86)\WWPATCH.CTL
[2012.07.28 09:57:01 | 000,000,251 | ---- | C] () -- C:\Program Files (x86)\default.rtp
[2012.02.22 20:32:48 | 000,001,035 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.22 20:32:21 | 000,325,337 | ---- | C] () -- C:\Program Files (x86)\tx.config.xml
[2012.02.22 20:32:18 | 019,326,576 | ---- | C] () -- C:\Program Files (x86)\upgradeT.exe
[2012.02.22 20:32:17 | 000,537,240 | ---- | C] () -- C:\Program Files (x86)\taxaktuell.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\zulage2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_umsatzsteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_gewerbesteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\stman2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\steuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\splan2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\freibetrag2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\feststellung2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\fahrt2012.exe
[2012.02.22 20:32:17 | 000,109,056 | ---- | C] () -- C:\Program Files (x86)\taxhilfe.exe
[2012.02.22 20:32:16 | 000,440,807 | ---- | C] () -- C:\Program Files (x86)\konfigurator_verheiratet.v2011
[2012.02.22 20:32:16 | 000,407,074 | ---- | C] () -- C:\Program Files (x86)\konfigurator_ledig.v2011
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_anmeldesteuern2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\bruttonetto2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\beleg2012.exe
[2012.02.22 20:32:16 | 000,000,147 | ---- | C] () -- C:\Program Files (x86)\helpdesk.cfg
[2012.02.22 20:32:13 | 009,381,888 | ---- | C] () -- C:\Program Files (x86)\wstyle512.rsc
[2012.02.22 20:32:12 | 000,899,072 | ---- | C] () -- C:\Program Files (x86)\wfrm212.rsc
[2012.02.22 20:32:12 | 000,133,120 | ---- | C] () -- C:\Program Files (x86)\wfrm712.rsc
[2012.02.22 20:32:12 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\wfrm612.rsc
[2012.02.22 20:32:10 | 005,415,936 | ---- | C] () -- C:\Program Files (x86)\wfrm512.rsc
[2012.02.22 20:32:10 | 000,353,576 | ---- | C] () -- C:\Program Files (x86)\cdcheck.exe
[2012.02.22 20:32:10 | 000,239,616 | ---- | C] () -- C:\Program Files (x86)\wfrm412.rsc
[2012.02.22 20:32:10 | 000,233,472 | ---- | C] () -- C:\Program Files (x86)\wfrm112.rsc
[2012.02.22 20:32:10 | 000,138,240 | ---- | C] () -- C:\Program Files (x86)\wfrm312.rsc
[2012.02.22 20:32:10 | 000,010,240 | ---- | C] () -- C:\Program Files (x86)\wdict512.rsc
[2012.02.22 20:31:36 | 000,088,064 | ---- | C] () -- C:\Program Files (x86)\whelpust12.rsc
[2012.02.22 20:31:36 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\whelpstpl12.rsc
[2012.02.22 20:31:36 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\whelpzmz12.rsc
[2012.02.22 20:31:36 | 000,018,432 | ---- | C] () -- C:\Program Files (x86)\whelpva12.rsc
[2012.02.22 20:31:36 | 000,015,360 | ---- | C] () -- C:\Program Files (x86)\whelpzmm12.rsc
[2012.02.22 20:31:35 | 000,731,136 | ---- | C] () -- C:\Program Files (x86)\whelplos12.rsc
[2012.02.22 20:31:35 | 000,350,208 | ---- | C] () -- C:\Program Files (x86)\whelpgef12.rsc
[2012.02.22 20:31:35 | 000,242,688 | ---- | C] () -- C:\Program Files (x86)\whelpeue12.rsc
[2012.02.22 20:31:35 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\whelpehz12.rsc
[2012.02.22 20:31:35 | 000,036,864 | ---- | C] () -- C:\Program Files (x86)\whelpiz12.rsc
[2012.02.22 20:31:35 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\whelpmv12.rsc
[2012.02.22 20:31:35 | 000,026,624 | ---- | C] () -- C:\Program Files (x86)\whelpgst12.rsc
[2012.02.22 20:31:35 | 000,011,264 | ---- | C] () -- C:\Program Files (x86)\whelpbel12.rsc
[2012.02.22 20:31:22 | 037,244,928 | ---- | C] () -- C:\Program Files (x86)\whelpurt12.rsc
[2012.02.22 20:31:22 | 000,229,376 | ---- | C] () -- C:\Program Files (x86)\whelptt12.rsc
[2012.02.22 20:31:21 | 000,074,752 | ---- | C] () -- C:\Program Files (x86)\whelpmbr12.rsc
[2012.02.22 20:31:17 | 011,043,840 | ---- | C] () -- C:\Program Files (x86)\whelpges12.rsc
[2012.02.22 20:31:17 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\whelpfaq12.rsc
[2012.02.22 20:31:15 | 001,296,384 | ---- | C] () -- C:\Program Files (x86)\whelpest12.rsc
[2012.02.22 20:31:14 | 000,565,248 | ---- | C] () -- C:\Program Files (x86)\whelpbfh12.rsc
[2012.02.22 20:31:14 | 000,349,184 | ---- | C] () -- C:\Program Files (x86)\whelpabc12.rsc
[2012.02.22 20:31:14 | 000,064,512 | ---- | C] () -- C:\Program Files (x86)\whelpfabu12.rsc
[2012.02.22 20:31:14 | 000,062,464 | ---- | C] () -- C:\Program Files (x86)\whelpbnr12.rsc
[2012.02.22 20:29:18 | 000,037,376 | ---- | C] () -- C:\Program Files (x86)\rsericp.dll
[2012.02.22 20:29:12 | 000,182,643 | ---- | C] () -- C:\Program Files (x86)\buttons.pcc
[2012.02.22 20:29:11 | 000,000,040 | ---- | C] () -- C:\Program Files (x86)\WPTDynInt.lic
[2012.02.22 20:29:10 | 003,495,648 | ---- | C] () -- C:\Program Files (x86)\rssysteminfo.exe
[2012.02.22 20:29:09 | 000,319,640 | ---- | C] () -- C:\Program Files (x86)\rsguiwinapi47.dll
[2012.02.22 20:29:09 | 000,275,096 | ---- | C] () -- C:\Program Files (x86)\rscorewinapi47.dll
[2012.02.22 20:29:09 | 000,271,872 | ---- | C] () -- C:\Program Files (x86)\phononrs47.dll
[2012.02.22 20:29:09 | 000,230,752 | ---- | C] () -- C:\Program Files (x86)\patchw32.dll
[2012.02.22 20:29:09 | 000,135,832 | ---- | C] () -- C:\Program Files (x86)\rsodbc47.dll
[2012.02.22 20:29:09 | 000,028,672 | ---- | C] () -- C:\Program Files (x86)\rsdcom47.dll
[2012.02.22 20:29:08 | 002,649,088 | ---- | C] () -- C:\Program Files (x86)\qtxmlpatternsrs47.dll
[2012.02.22 20:29:08 | 000,358,400 | ---- | C] () -- C:\Program Files (x86)\qtxmlrs47.dll
[2012.02.22 20:29:06 | 011,163,648 | ---- | C] () -- C:\Program Files (x86)\qtwebkitrs47.dll
[2012.02.22 20:29:06 | 001,340,416 | ---- | C] () -- C:\Program Files (x86)\qtscriptrs47.dll
[2012.02.22 20:29:06 | 000,720,896 | ---- | C] () -- C:\Program Files (x86)\qtsqlrs47.dll
[2012.02.22 20:29:06 | 000,281,088 | ---- | C] () -- C:\Program Files (x86)\qtsvgrs47.dll
[2012.02.22 20:29:06 | 000,108,544 | ---- | C] () -- C:\Program Files (x86)\qttestrs47.dll
[2012.02.22 20:29:05 | 000,990,208 | ---- | C] () -- C:\Program Files (x86)\qtnetworkrs47.dll
[2012.02.22 20:29:05 | 000,715,776 | ---- | C] () -- C:\Program Files (x86)\qtopenglrs47.dll
[2012.02.22 20:29:04 | 008,934,400 | ---- | C] () -- C:\Program Files (x86)\qtguirs47.dll
[2012.02.22 20:29:03 | 002,395,648 | ---- | C] () -- C:\Program Files (x86)\qt3supportrs47.dll
[2012.02.22 20:29:03 | 002,356,736 | ---- | C] () -- C:\Program Files (x86)\qtcorers47.dll
[2012.02.22 20:29:03 | 000,865,280 | ---- | C] () -- C:\Program Files (x86)\qtcluceners47.dll
[2012.02.22 20:29:02 | 000,415,744 | ---- | C] () -- C:\Program Files (x86)\whelpcnt12.rsc
[2012.02.22 20:29:02 | 000,395,264 | ---- | C] () -- C:\Program Files (x86)\whelptech12.rsc
[2012.02.22 20:29:00 | 002,704,384 | ---- | C] () -- C:\Program Files (x86)\wxml12.rsc
[2012.02.22 20:29:00 | 001,340,568 | ---- | C] () -- C:\Program Files (x86)\wwerb12.dll
[2012.02.22 20:28:59 | 002,181,120 | ---- | C] () -- C:\Program Files (x86)\wstyle12.rsc
[2012.02.22 20:28:59 | 001,647,768 | ---- | C] () -- C:\Program Files (x86)\wreli12.dll
[2012.02.22 20:28:59 | 001,547,928 | ---- | C] () -- C:\Program Files (x86)\wsteu12.dll
[2012.02.22 20:28:59 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\wsearch12.rsc
[2012.02.22 20:28:59 | 000,175,104 | ---- | C] () -- C:\Program Files (x86)\wnavitree12.rsc
[2012.02.22 20:28:59 | 000,147,456 | ---- | C] () -- C:\Program Files (x86)\woptions12.rsc
[2012.02.22 20:28:58 | 002,942,616 | ---- | C] () -- C:\Program Files (x86)\wmain12.dll
[2012.02.22 20:28:58 | 000,348,160 | ---- | C] () -- C:\Program Files (x86)\wmisc12.rsc
[2012.02.22 20:28:58 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\wmenus12.rsc
[2012.02.22 20:28:57 | 006,524,056 | ---- | C] () -- C:\Program Files (x86)\wkont12.dll
[2012.02.22 20:28:57 | 001,170,944 | ---- | C] () -- C:\Program Files (x86)\wimp12.dll
[2012.02.22 20:28:57 | 001,150,104 | ---- | C] () -- C:\Program Files (x86)\whau212.dll
[2012.02.22 20:28:56 | 001,138,840 | ---- | C] () -- C:\Program Files (x86)\whau112.dll
[2012.02.22 20:28:55 | 007,946,392 | ---- | C] () -- C:\Program Files (x86)\wgui12.dll
[2012.02.22 20:28:55 | 002,020,504 | ---- | C] () -- C:\Program Files (x86)\wfvie12.dll
[2012.02.22 20:28:55 | 000,135,168 | ---- | C] () -- C:\Program Files (x86)\wfanl12.rsc
[2012.02.22 20:28:54 | 003,002,520 | ---- | C] () -- C:\Program Files (x86)\wcore12.dll
[2012.02.22 20:28:54 | 001,491,096 | ---- | C] () -- C:\Program Files (x86)\wbae412.dll
[2012.02.22 20:28:54 | 001,309,848 | ---- | C] () -- C:\Program Files (x86)\wfabu12.dll
[2012.02.22 20:28:54 | 000,059,392 | ---- | C] () -- C:\Program Files (x86)\wdict12.rsc
[2012.02.22 20:28:54 | 000,029,696 | ---- | C] () -- C:\Program Files (x86)\wcmds12.rsc
[2012.02.22 20:28:53 | 001,918,616 | ---- | C] () -- C:\Program Files (x86)\wbae312.dll
[2012.02.22 20:28:53 | 001,359,000 | ---- | C] () -- C:\Program Files (x86)\wbae212.dll
[2012.02.22 20:28:52 | 004,616,856 | ---- | C] () -- C:\Program Files (x86)\wbae112.dll
[2012.02.22 20:28:52 | 004,451,992 | ---- | C] () -- C:\Program Files (x86)\wauff12.dll
[2012.02.22 20:28:52 | 000,012,288 | ---- | C] () -- C:\Program Files (x86)\wauff12.rsc
[2012.02.22 20:28:51 | 001,077,248 | ---- | C] () -- C:\Program Files (x86)\wanl12.rsc
[2012.02.22 20:28:51 | 000,794,624 | ---- | C] () -- C:\Program Files (x86)\wimp12.db3
[2012.02.22 20:28:43 | 015,691,776 | ---- | C] () -- C:\Program Files (x86)\main12.db3
[2012.02.07 17:07:20 | 002,984,960 | ---- | C] () -- C:\Program Files (x86)\ericfelder.db3
[2012.01.24 14:22:34 | 000,279,552 | ---- | C] () -- C:\Program Files (x86)\kont12.db3
[2012.01.24 14:22:34 | 000,082,944 | ---- | C] () -- C:\Program Files (x86)\fabu12.db3
[2011.11.28 12:24:20 | 000,001,092 | ---- | C] () -- C:\Program Files (x86)\sx-pdf-lib.license
[2011.11.28 12:22:16 | 000,630,272 | ---- | C] () -- C:\Program Files (x86)\stdcolors.dat
[2011.11.28 12:22:16 | 000,539,136 | ---- | C] () -- C:\Program Files (x86)\stdfonts.dat
[2011.11.28 12:22:16 | 000,132,096 | ---- | C] () -- C:\Program Files (x86)\stdannots.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Ich\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Ich\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.28 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\7-PDFSplitMerge
[2013.02.25 12:14:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Acuq
[2012.06.27 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Amazon
[2012.02.22 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Buhl Data Service
[2013.02.22 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Exhyp
[2013.02.25 10:10:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Idrevu
[2013.02.25 10:07:01 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Ifez
[2012.03.19 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IGC
[2013.02.24 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Iggii
[2013.02.22 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Lopk
[2012.01.30 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia
[2012.01.30 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia Suite
[2012.05.29 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\PC Suite
[2012.11.05 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\pdfforge
[2012.05.30 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Samsung
[2012.11.05 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\VideoConverterPackages
[2013.02.25 10:14:58 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Yphyry
 
========== Purity Check ==========
 
 

< End of report >
         
Here is the Extras log as well:
Code:
ATTFilter
OTL Extras logfile created on: 26.02.2013 13:44:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,97 Gb Available Physical Memory | 87,33% Memory free
15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 481,29 Gb Free Space | 51,67% Space Free | Partition Type: NTFS
Drive D: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,64% Space Free | Partition Type: FAT32
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F1AEC-02D0-45CA-965F-60484E6A3936}" = lport=137 | protocol=17 | dir=in | app=system | 
"{08B298F8-CF37-4E61-BB69-E4DBD2B39EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C46D76A-0551-4873-B076-277DB8EDD332}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12D21D2C-2F57-4628-9BCB-7F9E45F56935}" = lport=139 | protocol=6 | dir=in | app=system | 
"{15DCBB77-0E96-4D1D-B71E-F660525BBD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CEE0DE4-0EDD-4F97-B0A6-14B8A0E94A88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39E7AFB6-0BC5-4E31-BCC7-D3C0F4F60151}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{42D61907-9FF3-40AE-A883-F6EC2D20E3E7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4CD9C001-FC39-4D3F-A809-2AE1C3F2F7F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53587B3E-CA62-4E6A-933D-89D83BF53B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62BBFC84-5552-403A-B612-1DA75313E310}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6C230DA3-4723-4DC1-81CD-554AD297A7F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{79D193EB-A9C3-4385-B81F-00F625BAF8F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C75AD43-5283-4917-BE3E-0FB42CE2843B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95CCF9C1-0D28-41A6-B360-FAB05FB9153B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9F2B4043-94B0-4B8A-B470-000CA78CAB29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0B19584-EC71-4304-806F-B786F104583D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B01CBA96-6F80-41C0-93DC-DB82DAE50549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5F9A822-046A-4F5A-BA40-07602E672E57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA1EF199-A0EF-4CA1-B2E1-B8312ED9210F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE4A9349-C68F-4781-9527-50B105C13925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E1669FFD-7701-4681-9061-CF03BD5A8B58}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F5C2CCC7-2E8A-4125-952B-A5F5B9360289}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7237BA5-C682-4582-B79B-DCB3B8DB9629}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7E44310-82E1-424A-AD45-8AAB17FE79F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD1EA830-30DB-482D-B32C-1A561E98C869}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058A6410-DED0-4CE5-94DA-C72662F9CA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0920A3D1-24B5-409C-94BB-53CC27BC0D85}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0A86D310-A323-4C0E-8BF6-CCC3DE240F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{19ABEF8F-E669-460B-8258-DAADC451F33D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{2168A2F9-7D38-4A5D-846B-3DC1EE483911}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{251783E6-CEF0-4F11-82F6-0EE51D948F31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C1F2592-D189-4D21-A188-221D7E1C3CC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{311CFBE1-3FB3-4B16-AA4C-88342FC63929}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{3442C925-E071-46A8-BEC0-6303880C2786}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{3C6B1EDB-5284-48F4-B711-E7B719F479D1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{3FDD4753-9DEA-42E5-A3EB-F26F0D88B15A}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{4366A16B-9D78-4CE8-9725-68FAB08074B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{46AAE60D-DF59-4761-87E1-75088A8A8BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{4A1430D4-8F20-4912-ACCF-C124610FF956}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{4DB4A900-EECB-41DC-8F00-5178D04EECD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5128C561-0E93-4261-9DFA-E30DA1A828DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58EB3777-6F75-4CE0-B699-CDDED0C96F54}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{59B4264C-7656-4907-93B8-E8D8D8E2770A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60967B96-B56E-407C-9575-0616F1A3BACD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{62AF430A-F9AC-4293-A2EC-C6128786AF23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6DEA5188-2DEF-4002-B82D-5E74F542EB10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F38A142-A939-4592-BFEA-214649CFA809}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74277108-31B3-45DC-8A88-DDC3D42F8DF9}" = protocol=6 | dir=out | app=system | 
"{7BC08BB2-002F-4BB0-8E5E-15EB81C55FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{7C816FE0-173D-42A8-8A7E-DC8390A016EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7DAAE5E6-B769-43C1-9B9F-332DD830BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{7E06817A-382E-49D0-932C-5674C019E0C7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8914C035-4420-4739-85A7-362C439E0E12}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8CAEB65D-094B-48E9-A681-4DF41B8C750B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{907A6B60-B842-49E9-9251-7B3A6F055658}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{ADE0E6E2-239F-42FB-BDF0-48F36BCF2ACE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5EBEA4E-2FA6-47E7-BED5-177189BDCD3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6AF50D0-31FC-4050-B1CA-16F39A2EC7B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB1FFC45-CCD5-4193-8508-F8613187D9C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB5DC8FA-0A9D-4017-BB1F-F81DA65B6B51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BE6A1F64-4282-4397-BBDE-85315C9C90A5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{C11E58F6-6B8D-4D08-B0CE-F36DD75AC9D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2A65488-114A-4F81-B3CC-5668E94C5D2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA454D2E-9D16-410F-A77A-D73ECDD92F7A}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{D0C10BC5-88D1-499D-A6C9-338120EFEEF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5FA3BDB-A0EC-4A0D-9EEA-27590979EF55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8F82EC4-6877-48B5-89B4-EC18B03AE8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{DCFD7AB1-B104-4809-9CDA-0C6FF0A1DCEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{E3495DDC-4F5F-43F0-AD9E-5B25D27A7E61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E62A8467-D57A-4C29-8360-34F5CC39DC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EAE8E771-EC60-4ED4-8A45-20C2A299BCFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC250733-3D90-4138-969F-B90BBF9514EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F275358E-555F-4E71-A9B4-AD51CD70C026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"TCP Query User{3BC4F508-D92D-46AC-A99D-4C3989BD30C5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{E2FE777A-4912-434B-96F9-DA4ACFBB4128}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"TCP Query User{FF8BB4A4-B310-4962-9356-197CA90C4CE8}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
"UDP Query User{02D7C4BB-1942-42DD-BBEF-8F095419502E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{67CE6BAC-A9C2-497C-8400-24A89AE468D3}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"UDP Query User{B15E242B-AC83-446E-831B-933EA0FF4239}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d7f3e9a-db7d-487e-b7f9-65e7fbe084f4}" = Nero 9 Essentials
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Split & Merge_is1" = 7-PDF Split & Merge Version 2.0.4 (Build 112)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.40
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-1670 Series" = Samsung ML-1670 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WinLiveSuite" = Windows Live Essentials
"XFastUsb" = XFastUsb
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Video Converter" = Video Converter
"Video Converter Packages" = Video Converter Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 09:04:05 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1200    Startzeit:
 01cdf7d6e630a33d    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
 051a4d82-63cb-11e2-9c04-002522c932d1  
 
Error - 21.01.2013 16:45:21 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm PDFArchitect.exe, Version 0.5.6.565 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1070    Startzeit: 01cdf817d468ae49    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\PDFCreator\PDFArchitect\PDFArchitect.exe    Berichts-ID: 747384b6-640b-11e2-9c04-002522c932d1

 
Error - 21.01.2013 16:57:51 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm PDFArchitect.exe, Version 0.5.6.565 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 55c    Startzeit: 01cdf81980d7a51c    Endzeit: 0    Anwendungspfad: C:\Program
 Files (x86)\PDFCreator\PDFArchitect\PDFArchitect.exe    Berichts-ID: 35a1d50e-640d-11e2-9c04-002522c932d1

 
Error - 21.01.2013 17:15:47 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm PDFArchitect.exe, Version 0.5.6.565 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1158    Startzeit: 01cdf81b422bf3fd    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\PDFCreator\PDFArchitect\PDFArchitect.exe    Berichts-ID: b5cdbaa4-640f-11e2-9c04-002522c932d1

 
Error - 04.02.2013 18:01:21 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b34    Startzeit:
 01ce03231f42bc61    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
 6465cdd4-6f16-11e2-b039-002522c932d1  
 
Error - 05.02.2013 04:41:10 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11d0    Startzeit:
 01ce032791487971    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
 c691729d-6f6f-11e2-b039-002522c932d1  
 
Error - 05.02.2013 04:41:21 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199, 
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.2.3199,
 Zeitstempel: 0x4ee2440b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004029b  ID des fehlerhaften
 Prozesses: 0xd34  Startzeit der fehlerhaften Anwendung: 0x01ce037c8c4875cb  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\winamp.exe  Berichtskennung: d051ca01-6f6f-11e2-b039-002522c932d1
 
Error - 05.02.2013 04:52:58 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199, 
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: gen_ml.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4ee24417  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000133a7  ID des fehlerhaften
 Prozesses: 0xbd8  Startzeit der fehlerhaften Anwendung: 0x01ce037e18916c9a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll  Berichtskennung: 7027a49b-6f71-11e2-b039-002522c932d1
 
Error - 22.02.2013 15:00:29 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1198    Startzeit:
 01ce112d7fba1736    Endzeit: 80    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 1af1d5ef-7d22-11e2-8090-002522c932d1  
 
Error - 22.02.2013 15:01:33 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e70    Startzeit: 
01ce112eebef34a2    Endzeit: 46    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 42020162-7d22-11e2-8090-002522c932d1  
 
[ System Events ]
Error - 04.08.2012 02:57:58 | Computer Name = Gustav | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
Unfortunately aswMBR aborted. Here is a picture of it:

A scan with Antivir switched off brought no improvement.
In the meantime, firewall alerts have appeared again.

Kind regards,

Maik
Attached image: Rechner bereinigen nach Trojaner befall (IPH.Trojan.Zbot.Rke)-abbruch.jpg

27.02.2013, 06:25   #4
Psychotic
/// Malwareteam

At the bottom left under "av scan", select the option "no av scan" and try again.
__________________
No asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

27.02.2013, 09:45   #5
Maik Th

Hi Marius,

yes, without the AV scan it ran through:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-27 09:35:29
-----------------------------
09:35:29.851    OS Version: Windows x64 6.1.7601 Service Pack 1
09:35:29.851    Number of processors: 4 586 0x2A07
09:35:29.866    ComputerName: GUSTAV  UserName: Ich
09:35:31.130    Initialize success
09:35:40.194    AVAST engine defs: 13022600
09:36:02.299    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:36:02.299    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
09:36:02.314    Disk 0 MBR read successfully
09:36:02.314    Disk 0 MBR scan
09:36:02.330    Disk 0 Windows 7 default MBR code
09:36:02.330    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953866 MB offset 2048
09:36:02.361    Disk 0 scanning C:\Windows\system32\drivers
09:36:15.668    Service scanning
09:36:42.001    Modules scanning
09:36:42.001    Disk 0 trace - called modules:
09:36:42.017    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:36:42.017    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009389060]
09:36:42.017    3 CLASSPNP.SYS[fffff88000dc043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007413050]
09:36:42.032    Scan finished successfully
09:37:01.543    Disk 0 MBR has been saved successfully to "C:\Users\Ich\Desktop\MBR.dat"
09:37:01.543    The log file has been saved successfully to "C:\Users\Ich\Desktop\aswMBR.txt"
         


27.02.2013, 11:39   #6
Psychotic
/// Malwareteam


OTL fix


Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [brtjzlry] C:\Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe ()
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [oxshjmxw] C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe ()
[2013.02.25 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Acuq
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Yphyry
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Ifez
[2013.02.25 10:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Idrevu
[2013.02.22 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Exhyp
[2013.02.22 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Iggii
[2013.02.22 19:54:34 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Lopk
:COMMANDS
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread

27.02.2013, 12:00   #7
Maik Th

Hello Marius,

Everything worked so far (Antivir showed various virus warnings during the fix).

Here is the file
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Run\\brtjzlry deleted successfully.
C:\Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Run\\oxshjmxw deleted successfully.
File move failed. C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe scheduled to be moved on reboot.
C:\Users\Ich\AppData\Roaming\Acuq folder moved successfully.
C:\Users\Ich\AppData\Roaming\Yphyry folder moved successfully.
C:\Users\Ich\AppData\Roaming\Ifez folder moved successfully.
C:\Users\Ich\AppData\Roaming\Idrevu folder moved successfully.
C:\Users\Ich\AppData\Roaming\Exhyp folder moved successfully.
C:\Users\Ich\AppData\Roaming\Iggii folder moved successfully.
C:\Users\Ich\AppData\Roaming\Lopk folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ich
->Temp folder emptied: 558898259 bytes
->Temporary Internet Files folder emptied: 215683232 bytes
->Java cache emptied: 50336 bytes
->FireFox cache emptied: 138098832 bytes
->Google Chrome cache emptied: 74300304 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 315740096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 400549206 bytes
 
Total Files Cleaned = 1.625,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272013_115117

Files\Folders moved on Reboot...
C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe moved successfully.
File\Folder C:\Users\Ich\AppData\Local\Temp\OICE_3E8E5A85-10D8-409F-9E34-1BB65753A2C2.0\46A1CE16. not found!
C:\Users\Ich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

27.02.2013, 12:11   #8
Psychotic
/// Malwareteam


Step 1: adwCleaner


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner[S1].txt.


Step 2: New OTL log

  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

27.02.2013, 12:40   #9
Maik Th

Hello Marius,

Everything ran without problems.
ADWCleaner:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 27/02/2013 um 12:16:14 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ich - GUSTAV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ich\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Ich\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\udolovn7.default\prefs.js

C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\udolovn7.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2304 octets] - [27/02/2013 12:16:14]

########## EOF - C:\AdwCleaner[S1].txt - [2364 octets] ##########
         
OTL file:
Code:
ATTFilter
OTL logfile created on: 27.02.2013 12:21:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,58 Gb Available Physical Memory | 82,39% Memory free
15,96 Gb Paging File | 14,43 Gb Available in Paging File | 90,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 484,04 Gb Free Space | 51,96% Space Free | Partition Type: NTFS
Drive D: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,55% Space Free | Partition Type: FAT32
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ich\AppData\Roaming\Tyihek\erzo.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 C9 DA AB 96 D0 CC 01  [binary data]
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{9E677005-0C17-4053-B24D-B5D1D048446E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
 
[2012.01.11 21:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Extensions
[2013.01.10 18:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Firefox\Profiles\udolovn7.default\extensions
[2013.02.20 10:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 10:38:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.29 11:26:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:12:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.29 11:26:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.29 11:26:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.29 11:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.29 11:26:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [Icodyf] C:\Users\Ich\AppData\Roaming\Tyihek\erzo.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [oxshjmxw] C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61575A0-B03C-4451-926B-C369B4992AB6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 11:51:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.26 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Tyihek
[2013.02.26 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Imes
[2013.02.26 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Agoke
[2013.02.26 14:03:06 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ich\Desktop\aswMBR.exe
[2013.02.26 13:43:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.23 23:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.02.23 23:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.02.23 04:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2013.02.23 03:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 03:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 03:58:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 03:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.20 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 00:17:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 00:17:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 00:17:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 00:17:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 00:17:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 00:17:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 00:17:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 00:17:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 00:17:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 00:17:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 00:17:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 00:17:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 00:17:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 00:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 00:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:50:12 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:50:12 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:50:11 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:50:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:50:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:50:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:50:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:50:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:50:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:50:03 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.04 12:56:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.04 12:56:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.02.22 20:32:17 | 003,412,912 | ---- | C] (TeamViewer GmbH) -- C:\Program Files (x86)\buhlqs_de.exe
[2012.02.22 20:29:20 | 001,824,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files (x86)\xerces.dll
[2012.02.22 20:29:18 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc2008sp1redist_x86.exe
[2012.02.22 20:29:18 | 001,153,024 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icuuc44.dll
[2012.02.22 20:29:18 | 000,148,992 | ---- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files (x86)\log4cpp.dll
[2012.02.22 20:29:18 | 000,146,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\tmcrypt.dll
[2012.02.22 20:29:15 | 014,930,944 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icudt44.dll
[2012.02.22 20:29:15 | 001,943,040 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericxml.dll
[2012.02.22 20:29:15 | 001,185,280 | ---- | C] (Olaf Stüben) -- C:\Program Files (x86)\fa_xml.dll
[2012.02.22 20:29:15 | 001,025,536 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericutil.dll
[2012.02.22 20:29:14 | 003,172,352 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericprint.dll
[2012.02.22 20:29:14 | 001,544,704 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\erictransfer.dll
[2012.02.22 20:29:14 | 000,978,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericcrypt.dll
[2012.02.22 20:29:14 | 000,331,264 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericplugin.dll
[2012.02.22 20:29:14 | 000,144,896 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericio.dll
[2012.02.22 20:29:13 | 005,016,576 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericbasis.dll
[2012.02.22 20:29:13 | 002,392,064 | ---- | C] (secunet Security Networks AG) -- C:\Program Files (x86)\esigner.dll
[2012.02.22 20:29:13 | 000,864,768 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericapi.dll
[2012.02.22 20:29:13 | 000,256,000 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericanm.dll
[2012.02.22 20:29:12 | 000,738,792 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTDynInt.ocx
[2012.02.22 20:29:12 | 000,024,576 | ---- | C] (keine) -- C:\Program Files (x86)\rsodf.dll
[2012.02.22 20:29:11 | 005,762,024 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTextDLL01.DLL
[2012.02.22 20:29:10 | 000,466,032 | ---- | C] (Buhl Tax Service, Hannover) -- C:\Program Files (x86)\rspatcher.exe
[2012.02.22 20:29:09 | 002,786,416 | ---- | C] (Buhl Tax Service GmbH, Hannover) -- C:\Program Files (x86)\rspatch.exe
[2012.02.22 20:29:03 | 000,237,056 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\ssleay32.dll
[2012.02.22 20:29:02 | 001,153,024 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\libeay32.dll
[2012.02.22 20:29:02 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012.02.22 20:29:02 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012.02.22 20:29:01 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\gdiplus.dll
[2012.02.22 20:28:51 | 001,061,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2011.11.28 12:23:24 | 005,748,816 | ---- | C] (soft Xpansion) -- C:\Program Files (x86)\sx-pdf-lib.dll
[2011.11.28 12:22:36 | 005,233,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\documentformat.openxml.dll
[2010.02.11 12:09:16 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc9SP1KB973552redist_x86.exe
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Ich\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Ich\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 12:25:34 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 12:25:34 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 12:18:07 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 12:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 12:17:46 | 2133,860,351 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.27 12:13:56 | 000,594,019 | ---- | M] () -- C:\Users\Ich\Desktop\adwcleaner.exe
[2013.02.27 11:49:28 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 11:49:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 09:37:01 | 000,000,512 | ---- | M] () -- C:\Users\Ich\Desktop\MBR.dat
[2013.02.26 13:40:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ich\Desktop\aswMBR.exe
[2013.02.26 13:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.24 21:05:23 | 000,019,875 | ---- | M] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 03:58:47 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 03:58:47 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 03:58:47 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 03:58:47 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 03:58:16 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 08:03:00 | 000,417,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.09 22:46:19 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 22:46:19 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 12:56:11 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.04 12:56:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.04 12:56:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.01 12:49:17 | 000,263,391 | ---- | M] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
[2013.01.28 21:26:18 | 000,180,248 | ---- | M] () -- C:\Users\Ich\Desktop\Kinderhautarzt.pdf
 
========== Files Created - No Company Name ==========
 
[2013.02.27 12:15:49 | 000,594,019 | ---- | C] () -- C:\Users\Ich\Desktop\adwcleaner.exe
[2013.02.27 09:37:01 | 000,000,512 | ---- | C] () -- C:\Users\Ich\Desktop\MBR.dat
[2013.02.24 21:05:23 | 000,019,875 | ---- | C] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:16 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.01 12:49:17 | 000,263,391 | ---- | C] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
[2013.01.28 21:26:18 | 000,180,248 | ---- | C] () -- C:\Users\Ich\Desktop\Kinderhautarzt.pdf
[2013.01.21 13:54:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.11.28 13:37:01 | 000,000,291 | ---- | C] () -- C:\Users\Ich\AppData\Local\config.ini
[2012.11.28 12:26:08 | 000,000,879 | ---- | C] () -- C:\Users\Ich\AppData\Local\recently-used.xbel
[2012.07.28 09:57:01 | 039,172,817 | ---- | C] () -- C:\Program Files (x86)\ev20120524.rtp
[2012.07.28 09:57:01 | 000,001,966 | ---- | C] () -- C:\Program Files (x86)\WWPATCH.CTL
[2012.07.28 09:57:01 | 000,000,251 | ---- | C] () -- C:\Program Files (x86)\default.rtp
[2012.02.22 20:32:48 | 000,001,035 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.22 20:32:21 | 000,325,337 | ---- | C] () -- C:\Program Files (x86)\tx.config.xml
[2012.02.22 20:32:18 | 019,326,576 | ---- | C] () -- C:\Program Files (x86)\upgradeT.exe
[2012.02.22 20:32:17 | 000,537,240 | ---- | C] () -- C:\Program Files (x86)\taxaktuell.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\zulage2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_umsatzsteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_gewerbesteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\stman2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\steuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\splan2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\freibetrag2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\feststellung2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\fahrt2012.exe
[2012.02.22 20:32:17 | 000,109,056 | ---- | C] () -- C:\Program Files (x86)\taxhilfe.exe
[2012.02.22 20:32:16 | 000,440,807 | ---- | C] () -- C:\Program Files (x86)\konfigurator_verheiratet.v2011
[2012.02.22 20:32:16 | 000,407,074 | ---- | C] () -- C:\Program Files (x86)\konfigurator_ledig.v2011
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_anmeldesteuern2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\bruttonetto2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\beleg2012.exe
[2012.02.22 20:32:16 | 000,000,147 | ---- | C] () -- C:\Program Files (x86)\helpdesk.cfg
[2012.02.22 20:32:13 | 009,381,888 | ---- | C] () -- C:\Program Files (x86)\wstyle512.rsc
[2012.02.22 20:32:12 | 000,899,072 | ---- | C] () -- C:\Program Files (x86)\wfrm212.rsc
[2012.02.22 20:32:12 | 000,133,120 | ---- | C] () -- C:\Program Files (x86)\wfrm712.rsc
[2012.02.22 20:32:12 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\wfrm612.rsc
[2012.02.22 20:32:10 | 005,415,936 | ---- | C] () -- C:\Program Files (x86)\wfrm512.rsc
[2012.02.22 20:32:10 | 000,353,576 | ---- | C] () -- C:\Program Files (x86)\cdcheck.exe
[2012.02.22 20:32:10 | 000,239,616 | ---- | C] () -- C:\Program Files (x86)\wfrm412.rsc
[2012.02.22 20:32:10 | 000,233,472 | ---- | C] () -- C:\Program Files (x86)\wfrm112.rsc
[2012.02.22 20:32:10 | 000,138,240 | ---- | C] () -- C:\Program Files (x86)\wfrm312.rsc
[2012.02.22 20:32:10 | 000,010,240 | ---- | C] () -- C:\Program Files (x86)\wdict512.rsc
[2012.02.22 20:31:36 | 000,088,064 | ---- | C] () -- C:\Program Files (x86)\whelpust12.rsc
[2012.02.22 20:31:36 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\whelpstpl12.rsc
[2012.02.22 20:31:36 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\whelpzmz12.rsc
[2012.02.22 20:31:36 | 000,018,432 | ---- | C] () -- C:\Program Files (x86)\whelpva12.rsc
[2012.02.22 20:31:36 | 000,015,360 | ---- | C] () -- C:\Program Files (x86)\whelpzmm12.rsc
[2012.02.22 20:31:35 | 000,731,136 | ---- | C] () -- C:\Program Files (x86)\whelplos12.rsc
[2012.02.22 20:31:35 | 000,350,208 | ---- | C] () -- C:\Program Files (x86)\whelpgef12.rsc
[2012.02.22 20:31:35 | 000,242,688 | ---- | C] () -- C:\Program Files (x86)\whelpeue12.rsc
[2012.02.22 20:31:35 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\whelpehz12.rsc
[2012.02.22 20:31:35 | 000,036,864 | ---- | C] () -- C:\Program Files (x86)\whelpiz12.rsc
[2012.02.22 20:31:35 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\whelpmv12.rsc
[2012.02.22 20:31:35 | 000,026,624 | ---- | C] () -- C:\Program Files (x86)\whelpgst12.rsc
[2012.02.22 20:31:35 | 000,011,264 | ---- | C] () -- C:\Program Files (x86)\whelpbel12.rsc
[2012.02.22 20:31:22 | 037,244,928 | ---- | C] () -- C:\Program Files (x86)\whelpurt12.rsc
[2012.02.22 20:31:22 | 000,229,376 | ---- | C] () -- C:\Program Files (x86)\whelptt12.rsc
[2012.02.22 20:31:21 | 000,074,752 | ---- | C] () -- C:\Program Files (x86)\whelpmbr12.rsc
[2012.02.22 20:31:17 | 011,043,840 | ---- | C] () -- C:\Program Files (x86)\whelpges12.rsc
[2012.02.22 20:31:17 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\whelpfaq12.rsc
[2012.02.22 20:31:15 | 001,296,384 | ---- | C] () -- C:\Program Files (x86)\whelpest12.rsc
[2012.02.22 20:31:14 | 000,565,248 | ---- | C] () -- C:\Program Files (x86)\whelpbfh12.rsc
[2012.02.22 20:31:14 | 000,349,184 | ---- | C] () -- C:\Program Files (x86)\whelpabc12.rsc
[2012.02.22 20:31:14 | 000,064,512 | ---- | C] () -- C:\Program Files (x86)\whelpfabu12.rsc
[2012.02.22 20:31:14 | 000,062,464 | ---- | C] () -- C:\Program Files (x86)\whelpbnr12.rsc
[2012.02.22 20:29:18 | 000,037,376 | ---- | C] () -- C:\Program Files (x86)\rsericp.dll
[2012.02.22 20:29:12 | 000,182,643 | ---- | C] () -- C:\Program Files (x86)\buttons.pcc
[2012.02.22 20:29:11 | 000,000,040 | ---- | C] () -- C:\Program Files (x86)\WPTDynInt.lic
[2012.02.22 20:29:10 | 003,495,648 | ---- | C] () -- C:\Program Files (x86)\rssysteminfo.exe
[2012.02.22 20:29:09 | 000,319,640 | ---- | C] () -- C:\Program Files (x86)\rsguiwinapi47.dll
[2012.02.22 20:29:09 | 000,275,096 | ---- | C] () -- C:\Program Files (x86)\rscorewinapi47.dll
[2012.02.22 20:29:09 | 000,271,872 | ---- | C] () -- C:\Program Files (x86)\phononrs47.dll
[2012.02.22 20:29:09 | 000,230,752 | ---- | C] () -- C:\Program Files (x86)\patchw32.dll
[2012.02.22 20:29:09 | 000,135,832 | ---- | C] () -- C:\Program Files (x86)\rsodbc47.dll
[2012.02.22 20:29:09 | 000,028,672 | ---- | C] () -- C:\Program Files (x86)\rsdcom47.dll
[2012.02.22 20:29:08 | 002,649,088 | ---- | C] () -- C:\Program Files (x86)\qtxmlpatternsrs47.dll
[2012.02.22 20:29:08 | 000,358,400 | ---- | C] () -- C:\Program Files (x86)\qtxmlrs47.dll
[2012.02.22 20:29:06 | 011,163,648 | ---- | C] () -- C:\Program Files (x86)\qtwebkitrs47.dll
[2012.02.22 20:29:06 | 001,340,416 | ---- | C] () -- C:\Program Files (x86)\qtscriptrs47.dll
[2012.02.22 20:29:06 | 000,720,896 | ---- | C] () -- C:\Program Files (x86)\qtsqlrs47.dll
[2012.02.22 20:29:06 | 000,281,088 | ---- | C] () -- C:\Program Files (x86)\qtsvgrs47.dll
[2012.02.22 20:29:06 | 000,108,544 | ---- | C] () -- C:\Program Files (x86)\qttestrs47.dll
[2012.02.22 20:29:05 | 000,990,208 | ---- | C] () -- C:\Program Files (x86)\qtnetworkrs47.dll
[2012.02.22 20:29:05 | 000,715,776 | ---- | C] () -- C:\Program Files (x86)\qtopenglrs47.dll
[2012.02.22 20:29:04 | 008,934,400 | ---- | C] () -- C:\Program Files (x86)\qtguirs47.dll
[2012.02.22 20:29:03 | 002,395,648 | ---- | C] () -- C:\Program Files (x86)\qt3supportrs47.dll
[2012.02.22 20:29:03 | 002,356,736 | ---- | C] () -- C:\Program Files (x86)\qtcorers47.dll
[2012.02.22 20:29:03 | 000,865,280 | ---- | C] () -- C:\Program Files (x86)\qtcluceners47.dll
[2012.02.22 20:29:02 | 000,415,744 | ---- | C] () -- C:\Program Files (x86)\whelpcnt12.rsc
[2012.02.22 20:29:02 | 000,395,264 | ---- | C] () -- C:\Program Files (x86)\whelptech12.rsc
[2012.02.22 20:29:00 | 002,704,384 | ---- | C] () -- C:\Program Files (x86)\wxml12.rsc
[2012.02.22 20:29:00 | 001,340,568 | ---- | C] () -- C:\Program Files (x86)\wwerb12.dll
[2012.02.22 20:28:59 | 002,181,120 | ---- | C] () -- C:\Program Files (x86)\wstyle12.rsc
[2012.02.22 20:28:59 | 001,647,768 | ---- | C] () -- C:\Program Files (x86)\wreli12.dll
[2012.02.22 20:28:59 | 001,547,928 | ---- | C] () -- C:\Program Files (x86)\wsteu12.dll
[2012.02.22 20:28:59 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\wsearch12.rsc
[2012.02.22 20:28:59 | 000,175,104 | ---- | C] () -- C:\Program Files (x86)\wnavitree12.rsc
[2012.02.22 20:28:59 | 000,147,456 | ---- | C] () -- C:\Program Files (x86)\woptions12.rsc
[2012.02.22 20:28:58 | 002,942,616 | ---- | C] () -- C:\Program Files (x86)\wmain12.dll
[2012.02.22 20:28:58 | 000,348,160 | ---- | C] () -- C:\Program Files (x86)\wmisc12.rsc
[2012.02.22 20:28:58 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\wmenus12.rsc
[2012.02.22 20:28:57 | 006,524,056 | ---- | C] () -- C:\Program Files (x86)\wkont12.dll
[2012.02.22 20:28:57 | 001,170,944 | ---- | C] () -- C:\Program Files (x86)\wimp12.dll
[2012.02.22 20:28:57 | 001,150,104 | ---- | C] () -- C:\Program Files (x86)\whau212.dll
[2012.02.22 20:28:56 | 001,138,840 | ---- | C] () -- C:\Program Files (x86)\whau112.dll
[2012.02.22 20:28:55 | 007,946,392 | ---- | C] () -- C:\Program Files (x86)\wgui12.dll
[2012.02.22 20:28:55 | 002,020,504 | ---- | C] () -- C:\Program Files (x86)\wfvie12.dll
[2012.02.22 20:28:55 | 000,135,168 | ---- | C] () -- C:\Program Files (x86)\wfanl12.rsc
[2012.02.22 20:28:54 | 003,002,520 | ---- | C] () -- C:\Program Files (x86)\wcore12.dll
[2012.02.22 20:28:54 | 001,491,096 | ---- | C] () -- C:\Program Files (x86)\wbae412.dll
[2012.02.22 20:28:54 | 001,309,848 | ---- | C] () -- C:\Program Files (x86)\wfabu12.dll
[2012.02.22 20:28:54 | 000,059,392 | ---- | C] () -- C:\Program Files (x86)\wdict12.rsc
[2012.02.22 20:28:54 | 000,029,696 | ---- | C] () -- C:\Program Files (x86)\wcmds12.rsc
[2012.02.22 20:28:53 | 001,918,616 | ---- | C] () -- C:\Program Files (x86)\wbae312.dll
[2012.02.22 20:28:53 | 001,359,000 | ---- | C] () -- C:\Program Files (x86)\wbae212.dll
[2012.02.22 20:28:52 | 004,616,856 | ---- | C] () -- C:\Program Files (x86)\wbae112.dll
[2012.02.22 20:28:52 | 004,451,992 | ---- | C] () -- C:\Program Files (x86)\wauff12.dll
[2012.02.22 20:28:52 | 000,012,288 | ---- | C] () -- C:\Program Files (x86)\wauff12.rsc
[2012.02.22 20:28:51 | 001,077,248 | ---- | C] () -- C:\Program Files (x86)\wanl12.rsc
[2012.02.22 20:28:51 | 000,794,624 | ---- | C] () -- C:\Program Files (x86)\wimp12.db3
[2012.02.22 20:28:43 | 015,691,776 | ---- | C] () -- C:\Program Files (x86)\main12.db3
[2012.02.07 17:07:20 | 002,984,960 | ---- | C] () -- C:\Program Files (x86)\ericfelder.db3
[2012.01.24 14:22:34 | 000,279,552 | ---- | C] () -- C:\Program Files (x86)\kont12.db3
[2012.01.24 14:22:34 | 000,082,944 | ---- | C] () -- C:\Program Files (x86)\fabu12.db3
[2011.11.28 12:24:20 | 000,001,092 | ---- | C] () -- C:\Program Files (x86)\sx-pdf-lib.license
[2011.11.28 12:22:16 | 000,630,272 | ---- | C] () -- C:\Program Files (x86)\stdcolors.dat
[2011.11.28 12:22:16 | 000,539,136 | ---- | C] () -- C:\Program Files (x86)\stdfonts.dat
[2011.11.28 12:22:16 | 000,132,096 | ---- | C] () -- C:\Program Files (x86)\stdannots.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Ich\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Ich\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.28 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\7-PDFSplitMerge
[2013.02.26 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Agoke
[2012.06.27 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Amazon
[2012.02.22 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Buhl Data Service
[2012.03.19 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IGC
[2013.02.26 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Imes
[2012.01.30 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia
[2012.01.30 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia Suite
[2012.05.29 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\PC Suite
[2012.05.30 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Samsung
[2013.02.26 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Tyihek
[2012.11.05 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\VideoConverterPackages
 
========== Purity Check ==========
 
 

< End of report >
         
Next, the Extras file:
Code:
OTL Extras logfile created on: 27.02.2013 12:21:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,58 Gb Available Physical Memory | 82,39% Memory free
15,96 Gb Paging File | 14,43 Gb Available in Paging File | 90,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 484,04 Gb Free Space | 51,96% Space Free | Partition Type: NTFS
Drive D: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,55% Space Free | Partition Type: FAT32
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F1AEC-02D0-45CA-965F-60484E6A3936}" = lport=137 | protocol=17 | dir=in | app=system | 
"{08B298F8-CF37-4E61-BB69-E4DBD2B39EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C46D76A-0551-4873-B076-277DB8EDD332}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12D21D2C-2F57-4628-9BCB-7F9E45F56935}" = lport=139 | protocol=6 | dir=in | app=system | 
"{15DCBB77-0E96-4D1D-B71E-F660525BBD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CEE0DE4-0EDD-4F97-B0A6-14B8A0E94A88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39E7AFB6-0BC5-4E31-BCC7-D3C0F4F60151}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{42D61907-9FF3-40AE-A883-F6EC2D20E3E7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4CD9C001-FC39-4D3F-A809-2AE1C3F2F7F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53587B3E-CA62-4E6A-933D-89D83BF53B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62BBFC84-5552-403A-B612-1DA75313E310}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6C230DA3-4723-4DC1-81CD-554AD297A7F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{79D193EB-A9C3-4385-B81F-00F625BAF8F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C75AD43-5283-4917-BE3E-0FB42CE2843B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95CCF9C1-0D28-41A6-B360-FAB05FB9153B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9F2B4043-94B0-4B8A-B470-000CA78CAB29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0B19584-EC71-4304-806F-B786F104583D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B01CBA96-6F80-41C0-93DC-DB82DAE50549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5F9A822-046A-4F5A-BA40-07602E672E57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA1EF199-A0EF-4CA1-B2E1-B8312ED9210F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE4A9349-C68F-4781-9527-50B105C13925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E1669FFD-7701-4681-9061-CF03BD5A8B58}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F5C2CCC7-2E8A-4125-952B-A5F5B9360289}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7237BA5-C682-4582-B79B-DCB3B8DB9629}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7E44310-82E1-424A-AD45-8AAB17FE79F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD1EA830-30DB-482D-B32C-1A561E98C869}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058A6410-DED0-4CE5-94DA-C72662F9CA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0920A3D1-24B5-409C-94BB-53CC27BC0D85}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0A86D310-A323-4C0E-8BF6-CCC3DE240F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{19ABEF8F-E669-460B-8258-DAADC451F33D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{2168A2F9-7D38-4A5D-846B-3DC1EE483911}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{251783E6-CEF0-4F11-82F6-0EE51D948F31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C1F2592-D189-4D21-A188-221D7E1C3CC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{311CFBE1-3FB3-4B16-AA4C-88342FC63929}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{3442C925-E071-46A8-BEC0-6303880C2786}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{3C6B1EDB-5284-48F4-B711-E7B719F479D1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{3FDD4753-9DEA-42E5-A3EB-F26F0D88B15A}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{4366A16B-9D78-4CE8-9725-68FAB08074B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{46AAE60D-DF59-4761-87E1-75088A8A8BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{4A1430D4-8F20-4912-ACCF-C124610FF956}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{4DB4A900-EECB-41DC-8F00-5178D04EECD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5128C561-0E93-4261-9DFA-E30DA1A828DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58EB3777-6F75-4CE0-B699-CDDED0C96F54}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{59B4264C-7656-4907-93B8-E8D8D8E2770A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60967B96-B56E-407C-9575-0616F1A3BACD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{62AF430A-F9AC-4293-A2EC-C6128786AF23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6DEA5188-2DEF-4002-B82D-5E74F542EB10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F38A142-A939-4592-BFEA-214649CFA809}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74277108-31B3-45DC-8A88-DDC3D42F8DF9}" = protocol=6 | dir=out | app=system | 
"{7BC08BB2-002F-4BB0-8E5E-15EB81C55FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{7C816FE0-173D-42A8-8A7E-DC8390A016EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7DAAE5E6-B769-43C1-9B9F-332DD830BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{7E06817A-382E-49D0-932C-5674C019E0C7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8914C035-4420-4739-85A7-362C439E0E12}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8CAEB65D-094B-48E9-A681-4DF41B8C750B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{907A6B60-B842-49E9-9251-7B3A6F055658}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{ADE0E6E2-239F-42FB-BDF0-48F36BCF2ACE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5EBEA4E-2FA6-47E7-BED5-177189BDCD3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6AF50D0-31FC-4050-B1CA-16F39A2EC7B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB1FFC45-CCD5-4193-8508-F8613187D9C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB5DC8FA-0A9D-4017-BB1F-F81DA65B6B51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BE6A1F64-4282-4397-BBDE-85315C9C90A5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{C11E58F6-6B8D-4D08-B0CE-F36DD75AC9D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2A65488-114A-4F81-B3CC-5668E94C5D2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA454D2E-9D16-410F-A77A-D73ECDD92F7A}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{D0C10BC5-88D1-499D-A6C9-338120EFEEF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5FA3BDB-A0EC-4A0D-9EEA-27590979EF55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8F82EC4-6877-48B5-89B4-EC18B03AE8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{DCFD7AB1-B104-4809-9CDA-0C6FF0A1DCEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{E3495DDC-4F5F-43F0-AD9E-5B25D27A7E61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E62A8467-D57A-4C29-8360-34F5CC39DC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EAE8E771-EC60-4ED4-8A45-20C2A299BCFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC250733-3D90-4138-969F-B90BBF9514EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F275358E-555F-4E71-A9B4-AD51CD70C026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"TCP Query User{3BC4F508-D92D-46AC-A99D-4C3989BD30C5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B6604DBA-28C4-4014-A417-0F0923001EF1}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"TCP Query User{E1335670-138B-4233-B2BE-692FF5D7C313}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"TCP Query User{E2FE777A-4912-434B-96F9-DA4ACFBB4128}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"TCP Query User{FF8BB4A4-B310-4962-9356-197CA90C4CE8}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
"UDP Query User{02D7C4BB-1942-42DD-BBEF-8F095419502E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{243B1CA9-7596-4A44-B2D5-A5E972F13939}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"UDP Query User{67CE6BAC-A9C2-497C-8400-24A89AE468D3}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"UDP Query User{9A2BB7B2-5A70-4D6A-98D0-DFC07D1F620F}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"UDP Query User{B15E242B-AC83-446E-831B-933EA0FF4239}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d7f3e9a-db7d-487e-b7f9-65e7fbe084f4}" = Nero 9 Essentials
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Split & Merge_is1" = 7-PDF Split & Merge Version 2.0.4 (Build 112)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.40
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-1670 Series" = Samsung ML-1670 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WinLiveSuite" = Windows Live Essentials
"XFastUsb" = XFastUsb
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Video Converter" = Video Converter
"Video Converter Packages" = Video Converter Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2013 18:01:21 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b34    Startzeit:
 01ce03231f42bc61    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
 6465cdd4-6f16-11e2-b039-002522c932d1  
 
Error - 05.02.2013 04:41:10 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11d0    Startzeit:
 01ce032791487971    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
 c691729d-6f6f-11e2-b039-002522c932d1  
 
Error - 05.02.2013 04:41:21 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199, 
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.2.3199,
 Zeitstempel: 0x4ee2440b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004029b  ID des fehlerhaften
 Prozesses: 0xd34  Startzeit der fehlerhaften Anwendung: 0x01ce037c8c4875cb  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\winamp.exe  Berichtskennung: d051ca01-6f6f-11e2-b039-002522c932d1
 
Error - 05.02.2013 04:52:58 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199, 
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: gen_ml.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4ee24417  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000133a7  ID des fehlerhaften
 Prozesses: 0xbd8  Startzeit der fehlerhaften Anwendung: 0x01ce037e18916c9a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll  Berichtskennung: 7027a49b-6f71-11e2-b039-002522c932d1
 
Error - 22.02.2013 15:00:29 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1198    Startzeit:
 01ce112d7fba1736    Endzeit: 80    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 1af1d5ef-7d22-11e2-8090-002522c932d1  
 
Error - 22.02.2013 15:01:33 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.0.4794 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e70    Startzeit: 
01ce112eebef34a2    Endzeit: 46    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 42020162-7d22-11e2-8090-002522c932d1  
 
Error - 26.02.2013 12:31:08 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x170c  Startzeit der fehlerhaften Anwendung: 0x01ce1421a9666c99  Pfad der
 fehlerhaften Anwendung: C:\Users\Ich\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ebca842d-8031-11e2-b02c-002522c932d1
 
Error - 26.02.2013 12:34:24 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x1430  Startzeit der fehlerhaften Anwendung: 0x01ce143ebfbe6ed6  Pfad der
 fehlerhaften Anwendung: C:\Users\Ich\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 609cd1a2-8032-11e2-b02c-002522c932d1
 
Error - 26.02.2013 12:44:06 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x16fc  Startzeit der fehlerhaften Anwendung: 0x01ce14402a0aa48d  Pfad der
 fehlerhaften Anwendung: C:\Users\Ich\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: bb7e5dd2-8033-11e2-b02c-002522c932d1
 
Error - 26.02.2013 13:31:41 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0xfb8  Startzeit der fehlerhaften Anwendung: 0x01ce14469bde19d4  Pfad der
 fehlerhaften Anwendung: C:\Users\Ich\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 619aeb44-803a-11e2-87c6-002522c932d1
 
[ System Events ]
Error - 27.02.2013 06:53:20 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 27.02.2013 06:53:20 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 27.02.2013 06:58:11 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 27.02.2013 06:58:12 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 27.02.2013 06:58:12 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 27.02.2013 06:58:13 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 27.02.2013 07:15:33 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 27.02.2013 07:15:34 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 27.02.2013 07:15:34 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 27.02.2013 07:15:35 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
 
< End of report >
         
Regards

Maik

Old 27.02.2013, 13:04   #10
Psychotic
/// Malwareteam
 
Where did THAT come from now? o.O

We need to have another go at it:

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [Icodyf] C:\Users\Ich\AppData\Roaming\Tyihek
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [oxshjmxw] C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr
[2013.02.26 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Agoke
[2013.02.26 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Imes
:COMMANDS
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents into your thread here.

SecurityCheck
Please download SecurityCheck from one of the following links: LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I can only be reached on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!
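For the OTL fix above, an added example (not OTL's code and not anything the helper posted): a Python triage script that parses the O4 autorun lines and the `[timestamp | size | attrs | C]` listing lines, flags entries under user-writable profile folders that match no known vendor name (the vendor allow-list is an assumption of the example), and renders the hits in the same fix-script format for a human to review.

```python
r"""Triage helper for OTL log lines: an added example for this thread, not OTL's code
and not anything the helpers posted. It reads the two OTL line shapes used in the
fix above (O4 autorun entries and [timestamp | size | attrs | C] listing lines),
flags autoruns and recent items sitting under AppData\Roaming or AppData\Local\Temp
in a folder that matches no known vendor name (the persistence pattern of the Zbot
entries removed above) and renders the hits as an OTL fix script for human review.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^\\\s.]+)\.\.\\Run: "
                   r"\[(?P<name>[^\]]+)\]\s*(?P<target>.*?)\s*$")
LISTING_RE = re.compile(r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
                        r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] -- (?P<path>.+?)\s*$")
# Profile locations any user, and hence any user-level malware, can write to.
USER_WRITABLE = (r"\appdata\roaming", r"\appdata\local\temp")
# Illustrative allow-list (an assumption of this example): vendor folders that
# legitimately live in those locations on the machine in this thread.
KNOWN_VENDOR_DIRS = {"adobe", "avira", "google", "macromedia", "malwarebytes",
                     "microsoft", "mozilla", "nero", "nokia", "samsung", "skype"}


@dataclass
class Finding:
    line: str                 # the OTL line verbatim; it goes unchanged into a fix script
    when: Optional[datetime]  # timestamp of listing lines, None for autoruns
    reasons: List[str] = field(default_factory=list)


def _first_folder_under(path_lower: str) -> Optional[str]:
    """Name of the first folder below a USER_WRITABLE location, or None."""
    for marker in USER_WRITABLE:
        idx = path_lower.find(marker + "\\")
        if idx != -1:
            rest = path_lower[idx + len(marker) + 1:]
            return rest.split("\\", 1)[0] or None
    return None


def _strip_o4_suffix(target: str) -> str:
    """OTL appends '(Company)' or 'File not found' after the path; drop both."""
    target = re.sub(r"\s+File not found$", "", target)
    return re.sub(r"\s*\([^()]*\)$", "", target)


def triage_o4(line: str) -> Optional[Finding]:
    """Flag an O4 autorun whose target lives in an unknown user-writable folder."""
    m = O4_RE.match(line)
    if not m:
        return None
    target = _strip_o4_suffix(m.group("target")).lower()
    folder = _first_folder_under(target)
    reasons = []
    if folder and folder not in KNOWN_VENDOR_DIRS:
        reasons.append(f"autorun target under user-writable folder '{folder}'")
    if "." not in target.rpartition("\\")[2]:
        reasons.append("autorun target has no file extension")
    return Finding(line.rstrip(), None, reasons) if reasons else None


def triage_listing(line: str) -> Optional[Finding]:
    """Flag a recent file or folder created/modified in an unknown user-writable folder."""
    m = LISTING_RE.match(line)
    if not m:
        return None
    folder = _first_folder_under(m.group("path").lower())
    if not folder or folder in KNOWN_VENDOR_DIRS:
        return None
    when = datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S")
    what = "folder" if "D" in m.group("attrs") else "file"
    return Finding(line.rstrip(), when, [f"recent {what} under user-writable folder '{folder}'"])


def triage(log_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Split an OTL log into suspicious autoruns and suspicious recent items (by time)."""
    autoruns, items = [], []
    for raw in log_text.splitlines():
        hit = triage_o4(raw) or triage_listing(raw)
        if hit is not None:
            (autoruns if hit.when is None else items).append(hit)
    items.sort(key=lambda f: f.when)
    return autoruns, items


def render_fix(autoruns: List[Finding], items: List[Finding], empty_temp: bool = True) -> str:
    """Render the hits in the script format OTL's Fix button consumes: the log lines
    verbatim under :OTL, optionally followed by the [emptytemp] command."""
    lines = [":OTL"] + [f.line for f in autoruns] + [f.line for f in items]
    if empty_temp:
        lines += [":COMMANDS", "[emptytemp]"]
    return "\n".join(lines)


# Constructed sample: the four lines from the fix above plus benign entries
# (Avira autorun, Malwarebytes folder, OTL itself) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [Icodyf] C:\Users\Ich\AppData\Roaming\Tyihek
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [oxshjmxw] C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr
[2013.02.26 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Agoke
[2013.02.26 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Imes
[2013.02.25 12:11:29 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2013.02.26 14:55:10 | 000,561,664 | ---- | C] -- C:\Users\Ich\Desktop\OTL.exe
"""
```

Running `triage(SAMPLE_LOG)` and `render_fix(...)` on the sample reproduces exactly the fix script the helper posted above; the allow-list keeps the Malwarebytes folder and the Avira autorun out of it.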

Old 27.02.2013, 13:35   #11
Maik Th
 
Hello Marius,

I only have two guesses as to where those two came from:
- I had two Antivir alerts during the FIX (because the computer was briefly online again)
- All the communication with you and the downloads go through my second computer (via USB stick), because whenever I put the infected computer online there are constantly new alerts about new .exe files --- I hope I haven't made a mistake there..

Here are the logs:

OTL Fix:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Icodyf deleted successfully.
C:\Users\Ich\AppData\Roaming\Tyihek folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Run\\oxshjmxw deleted successfully.
C:\Users\Ich\AppData\Local\Temp\Pfrydrtbr folder moved successfully.
C:\Users\Ich\AppData\Roaming\Agoke folder moved successfully.
C:\Users\Ich\AppData\Roaming\Imes folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ich
->Temp folder emptied: 36569 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272013_131611

Files\Folders moved on Reboot...
File\Folder C:\Users\Ich\AppData\Local\Temp\OICE_3E8E5A85-10D8-409F-9E34-1BB65753A2C2.0\46A1CE16. not found!
C:\Users\Ich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Sophos Anti-Rootkit 1.5.0   
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java 7 Update 13  
  Adobe Flash Player 11.5.502.149 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (19.0) 
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Old 28.02.2013, 06:41   #12
Psychotic
/// Malwareteam
 
OK!

Do one last OTL scan so that we can double-check.
Option number one in your list was the cause - OTL accessed the virus in order to delete it - and Antivir promptly denied the access!

Old 28.02.2013, 11:52   #13
Maik Th
 
Hello Marius,

I'm glad I haven't made any further mess....

What kind of Trojan was that, and what did it want / what did it do?

Now let's see how Gustav is doing.
Here are the log files.

OTL:
Code:
ATTFilter
OTL logfile created on: 28.02.2013 09:19:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,86% Memory free
15,96 Gb Paging File | 14,47 Gb Available in Paging File | 90,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 482,48 Gb Free Space | 51,80% Space Free | Partition Type: NTFS
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 C9 DA AB 96 D0 CC 01  [binary data]
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..\SearchScopes\{9E677005-0C17-4053-B24D-B5D1D048446E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-477487753-2087711152-3356809368-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:38:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 10:03:04 | 000,000,000 | ---D | M]
 
[2012.01.11 21:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Extensions
[2013.01.10 18:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Firefox\Profiles\udolovn7.default\extensions
[2013.02.20 10:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 10:38:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.29 11:26:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:12:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.29 11:26:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.29 11:26:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.29 11:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.29 11:26:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-477487753-2087711152-3356809368-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-477487753-2087711152-3356809368-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61575A0-B03C-4451-926B-C369B4992AB6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1eb14fc7-3ca6-11e1-95a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 11:51:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.26 14:03:06 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ich\Desktop\aswMBR.exe
[2013.02.26 13:43:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.23 23:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.02.23 23:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.02.23 04:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2013.02.23 03:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 03:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 03:58:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.23 03:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.20 10:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 00:17:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 00:17:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 00:17:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 00:17:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 00:17:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 00:17:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 00:17:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 00:17:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 00:17:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 00:17:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 00:17:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 00:17:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 00:17:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 00:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 00:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:50:12 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:50:12 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:50:11 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:50:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:50:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:50:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:50:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:50:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:50:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:50:03 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.04 12:56:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.04 12:56:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.02.22 20:32:17 | 003,412,912 | ---- | C] (TeamViewer GmbH) -- C:\Program Files (x86)\buhlqs_de.exe
[2012.02.22 20:29:20 | 001,824,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files (x86)\xerces.dll
[2012.02.22 20:29:18 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc2008sp1redist_x86.exe
[2012.02.22 20:29:18 | 001,153,024 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icuuc44.dll
[2012.02.22 20:29:18 | 000,148,992 | ---- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files (x86)\log4cpp.dll
[2012.02.22 20:29:18 | 000,146,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\tmcrypt.dll
[2012.02.22 20:29:15 | 014,930,944 | ---- | C] (The ICU Project) -- C:\Program Files (x86)\icudt44.dll
[2012.02.22 20:29:15 | 001,943,040 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericxml.dll
[2012.02.22 20:29:15 | 001,185,280 | ---- | C] (Olaf Stüben) -- C:\Program Files (x86)\fa_xml.dll
[2012.02.22 20:29:15 | 001,025,536 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericutil.dll
[2012.02.22 20:29:14 | 003,172,352 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericprint.dll
[2012.02.22 20:29:14 | 001,544,704 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\erictransfer.dll
[2012.02.22 20:29:14 | 000,978,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericcrypt.dll
[2012.02.22 20:29:14 | 000,331,264 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericplugin.dll
[2012.02.22 20:29:14 | 000,144,896 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericio.dll
[2012.02.22 20:29:13 | 005,016,576 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericbasis.dll
[2012.02.22 20:29:13 | 002,392,064 | ---- | C] (secunet Security Networks AG) -- C:\Program Files (x86)\esigner.dll
[2012.02.22 20:29:13 | 000,864,768 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericapi.dll
[2012.02.22 20:29:13 | 000,256,000 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files (x86)\ericanm.dll
[2012.02.22 20:29:12 | 000,738,792 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTDynInt.ocx
[2012.02.22 20:29:12 | 000,024,576 | ---- | C] (keine) -- C:\Program Files (x86)\rsodf.dll
[2012.02.22 20:29:11 | 005,762,024 | ---- | C] (WPCubed GmbH) -- C:\Program Files (x86)\WPTextDLL01.DLL
[2012.02.22 20:29:10 | 000,466,032 | ---- | C] (Buhl Tax Service, Hannover) -- C:\Program Files (x86)\rspatcher.exe
[2012.02.22 20:29:09 | 002,786,416 | ---- | C] (Buhl Tax Service GmbH, Hannover) -- C:\Program Files (x86)\rspatch.exe
[2012.02.22 20:29:03 | 000,237,056 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\ssleay32.dll
[2012.02.22 20:29:02 | 001,153,024 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\libeay32.dll
[2012.02.22 20:29:02 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012.02.22 20:29:02 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012.02.22 20:29:01 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\gdiplus.dll
[2012.02.22 20:28:51 | 001,061,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2011.11.28 12:23:24 | 005,748,816 | ---- | C] (soft Xpansion) -- C:\Program Files (x86)\sx-pdf-lib.dll
[2011.11.28 12:22:36 | 005,233,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\documentformat.openxml.dll
[2010.02.11 12:09:16 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vc9SP1KB973552redist_x86.exe
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Ich\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Ich\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Ich\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 09:19:07 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 09:19:07 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 09:11:49 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.28 09:11:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 09:11:31 | 2133,860,351 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.27 23:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 23:35:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 13:13:28 | 000,881,935 | ---- | M] () -- C:\Users\Ich\Desktop\SecurityCheck.exe
[2013.02.27 12:13:56 | 000,594,019 | ---- | M] () -- C:\Users\Ich\Desktop\adwcleaner.exe
[2013.02.27 09:37:01 | 000,000,512 | ---- | M] () -- C:\Users\Ich\Desktop\MBR.dat
[2013.02.26 13:40:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ich\Desktop\aswMBR.exe
[2013.02.26 13:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ich\Desktop\OTL.exe
[2013.02.24 21:05:23 | 000,019,875 | ---- | M] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 03:58:47 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 03:58:47 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 03:58:47 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 03:58:47 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 03:58:16 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 08:03:00 | 000,417,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.09 22:46:19 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 22:46:19 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 12:56:11 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 12:56:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.04 12:56:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.04 12:56:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 12:56:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.01 12:49:17 | 000,263,391 | ---- | M] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
 
========== Files Created - No Company Name ==========
 
[2013.02.27 13:18:45 | 000,881,935 | ---- | C] () -- C:\Users\Ich\Desktop\SecurityCheck.exe
[2013.02.27 12:15:49 | 000,594,019 | ---- | C] () -- C:\Users\Ich\Desktop\adwcleaner.exe
[2013.02.27 09:37:01 | 000,000,512 | ---- | C] () -- C:\Users\Ich\Desktop\MBR.dat
[2013.02.24 21:05:23 | 000,019,875 | ---- | C] () -- C:\Users\Ich\Desktop\Paketschein Lumix.pdf
[2013.02.23 03:58:16 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.01 12:49:17 | 000,263,391 | ---- | C] () -- C:\Users\Ich\Desktop\Branchen-Nomenklatur_WZ_2008.pdf
[2013.01.21 13:54:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.11.28 13:37:01 | 000,000,291 | ---- | C] () -- C:\Users\Ich\AppData\Local\config.ini
[2012.11.28 12:26:08 | 000,000,879 | ---- | C] () -- C:\Users\Ich\AppData\Local\recently-used.xbel
[2012.07.28 09:57:01 | 039,172,817 | ---- | C] () -- C:\Program Files (x86)\ev20120524.rtp
[2012.07.28 09:57:01 | 000,001,966 | ---- | C] () -- C:\Program Files (x86)\WWPATCH.CTL
[2012.07.28 09:57:01 | 000,000,251 | ---- | C] () -- C:\Program Files (x86)\default.rtp
[2012.02.22 20:32:48 | 000,001,035 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.22 20:32:21 | 000,325,337 | ---- | C] () -- C:\Program Files (x86)\tx.config.xml
[2012.02.22 20:32:18 | 019,326,576 | ---- | C] () -- C:\Program Files (x86)\upgradeT.exe
[2012.02.22 20:32:17 | 000,537,240 | ---- | C] () -- C:\Program Files (x86)\taxaktuell.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\zulage2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_umsatzsteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_gewerbesteuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\stman2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\steuer2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\splan2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\freibetrag2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\feststellung2012.exe
[2012.02.22 20:32:17 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\fahrt2012.exe
[2012.02.22 20:32:17 | 000,109,056 | ---- | C] () -- C:\Program Files (x86)\taxhilfe.exe
[2012.02.22 20:32:16 | 000,440,807 | ---- | C] () -- C:\Program Files (x86)\konfigurator_verheiratet.v2011
[2012.02.22 20:32:16 | 000,407,074 | ---- | C] () -- C:\Program Files (x86)\konfigurator_ledig.v2011
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\tax_anmeldesteuern2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\bruttonetto2012.exe
[2012.02.22 20:32:16 | 000,332,912 | ---- | C] () -- C:\Program Files (x86)\beleg2012.exe
[2012.02.22 20:32:16 | 000,000,147 | ---- | C] () -- C:\Program Files (x86)\helpdesk.cfg
[2012.02.22 20:32:13 | 009,381,888 | ---- | C] () -- C:\Program Files (x86)\wstyle512.rsc
[2012.02.22 20:32:12 | 000,899,072 | ---- | C] () -- C:\Program Files (x86)\wfrm212.rsc
[2012.02.22 20:32:12 | 000,133,120 | ---- | C] () -- C:\Program Files (x86)\wfrm712.rsc
[2012.02.22 20:32:12 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\wfrm612.rsc
[2012.02.22 20:32:10 | 005,415,936 | ---- | C] () -- C:\Program Files (x86)\wfrm512.rsc
[2012.02.22 20:32:10 | 000,353,576 | ---- | C] () -- C:\Program Files (x86)\cdcheck.exe
[2012.02.22 20:32:10 | 000,239,616 | ---- | C] () -- C:\Program Files (x86)\wfrm412.rsc
[2012.02.22 20:32:10 | 000,233,472 | ---- | C] () -- C:\Program Files (x86)\wfrm112.rsc
[2012.02.22 20:32:10 | 000,138,240 | ---- | C] () -- C:\Program Files (x86)\wfrm312.rsc
[2012.02.22 20:32:10 | 000,010,240 | ---- | C] () -- C:\Program Files (x86)\wdict512.rsc
[2012.02.22 20:31:36 | 000,088,064 | ---- | C] () -- C:\Program Files (x86)\whelpust12.rsc
[2012.02.22 20:31:36 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\whelpstpl12.rsc
[2012.02.22 20:31:36 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\whelpzmz12.rsc
[2012.02.22 20:31:36 | 000,018,432 | ---- | C] () -- C:\Program Files (x86)\whelpva12.rsc
[2012.02.22 20:31:36 | 000,015,360 | ---- | C] () -- C:\Program Files (x86)\whelpzmm12.rsc
[2012.02.22 20:31:35 | 000,731,136 | ---- | C] () -- C:\Program Files (x86)\whelplos12.rsc
[2012.02.22 20:31:35 | 000,350,208 | ---- | C] () -- C:\Program Files (x86)\whelpgef12.rsc
[2012.02.22 20:31:35 | 000,242,688 | ---- | C] () -- C:\Program Files (x86)\whelpeue12.rsc
[2012.02.22 20:31:35 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\whelpehz12.rsc
[2012.02.22 20:31:35 | 000,036,864 | ---- | C] () -- C:\Program Files (x86)\whelpiz12.rsc
[2012.02.22 20:31:35 | 000,033,792 | ---- | C] () -- C:\Program Files (x86)\whelpmv12.rsc
[2012.02.22 20:31:35 | 000,026,624 | ---- | C] () -- C:\Program Files (x86)\whelpgst12.rsc
[2012.02.22 20:31:35 | 000,011,264 | ---- | C] () -- C:\Program Files (x86)\whelpbel12.rsc
[2012.02.22 20:31:22 | 037,244,928 | ---- | C] () -- C:\Program Files (x86)\whelpurt12.rsc
[2012.02.22 20:31:22 | 000,229,376 | ---- | C] () -- C:\Program Files (x86)\whelptt12.rsc
[2012.02.22 20:31:21 | 000,074,752 | ---- | C] () -- C:\Program Files (x86)\whelpmbr12.rsc
[2012.02.22 20:31:17 | 011,043,840 | ---- | C] () -- C:\Program Files (x86)\whelpges12.rsc
[2012.02.22 20:31:17 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\whelpfaq12.rsc
[2012.02.22 20:31:15 | 001,296,384 | ---- | C] () -- C:\Program Files (x86)\whelpest12.rsc
[2012.02.22 20:31:14 | 000,565,248 | ---- | C] () -- C:\Program Files (x86)\whelpbfh12.rsc
[2012.02.22 20:31:14 | 000,349,184 | ---- | C] () -- C:\Program Files (x86)\whelpabc12.rsc
[2012.02.22 20:31:14 | 000,064,512 | ---- | C] () -- C:\Program Files (x86)\whelpfabu12.rsc
[2012.02.22 20:31:14 | 000,062,464 | ---- | C] () -- C:\Program Files (x86)\whelpbnr12.rsc
[2012.02.22 20:29:18 | 000,037,376 | ---- | C] () -- C:\Program Files (x86)\rsericp.dll
[2012.02.22 20:29:12 | 000,182,643 | ---- | C] () -- C:\Program Files (x86)\buttons.pcc
[2012.02.22 20:29:11 | 000,000,040 | ---- | C] () -- C:\Program Files (x86)\WPTDynInt.lic
[2012.02.22 20:29:10 | 003,495,648 | ---- | C] () -- C:\Program Files (x86)\rssysteminfo.exe
[2012.02.22 20:29:09 | 000,319,640 | ---- | C] () -- C:\Program Files (x86)\rsguiwinapi47.dll
[2012.02.22 20:29:09 | 000,275,096 | ---- | C] () -- C:\Program Files (x86)\rscorewinapi47.dll
[2012.02.22 20:29:09 | 000,271,872 | ---- | C] () -- C:\Program Files (x86)\phononrs47.dll
[2012.02.22 20:29:09 | 000,230,752 | ---- | C] () -- C:\Program Files (x86)\patchw32.dll
[2012.02.22 20:29:09 | 000,135,832 | ---- | C] () -- C:\Program Files (x86)\rsodbc47.dll
[2012.02.22 20:29:09 | 000,028,672 | ---- | C] () -- C:\Program Files (x86)\rsdcom47.dll
[2012.02.22 20:29:08 | 002,649,088 | ---- | C] () -- C:\Program Files (x86)\qtxmlpatternsrs47.dll
[2012.02.22 20:29:08 | 000,358,400 | ---- | C] () -- C:\Program Files (x86)\qtxmlrs47.dll
[2012.02.22 20:29:06 | 011,163,648 | ---- | C] () -- C:\Program Files (x86)\qtwebkitrs47.dll
[2012.02.22 20:29:06 | 001,340,416 | ---- | C] () -- C:\Program Files (x86)\qtscriptrs47.dll
[2012.02.22 20:29:06 | 000,720,896 | ---- | C] () -- C:\Program Files (x86)\qtsqlrs47.dll
[2012.02.22 20:29:06 | 000,281,088 | ---- | C] () -- C:\Program Files (x86)\qtsvgrs47.dll
[2012.02.22 20:29:06 | 000,108,544 | ---- | C] () -- C:\Program Files (x86)\qttestrs47.dll
[2012.02.22 20:29:05 | 000,990,208 | ---- | C] () -- C:\Program Files (x86)\qtnetworkrs47.dll
[2012.02.22 20:29:05 | 000,715,776 | ---- | C] () -- C:\Program Files (x86)\qtopenglrs47.dll
[2012.02.22 20:29:04 | 008,934,400 | ---- | C] () -- C:\Program Files (x86)\qtguirs47.dll
[2012.02.22 20:29:03 | 002,395,648 | ---- | C] () -- C:\Program Files (x86)\qt3supportrs47.dll
[2012.02.22 20:29:03 | 002,356,736 | ---- | C] () -- C:\Program Files (x86)\qtcorers47.dll
[2012.02.22 20:29:03 | 000,865,280 | ---- | C] () -- C:\Program Files (x86)\qtcluceners47.dll
[2012.02.22 20:29:02 | 000,415,744 | ---- | C] () -- C:\Program Files (x86)\whelpcnt12.rsc
[2012.02.22 20:29:02 | 000,395,264 | ---- | C] () -- C:\Program Files (x86)\whelptech12.rsc
[2012.02.22 20:29:00 | 002,704,384 | ---- | C] () -- C:\Program Files (x86)\wxml12.rsc
[2012.02.22 20:29:00 | 001,340,568 | ---- | C] () -- C:\Program Files (x86)\wwerb12.dll
[2012.02.22 20:28:59 | 002,181,120 | ---- | C] () -- C:\Program Files (x86)\wstyle12.rsc
[2012.02.22 20:28:59 | 001,647,768 | ---- | C] () -- C:\Program Files (x86)\wreli12.dll
[2012.02.22 20:28:59 | 001,547,928 | ---- | C] () -- C:\Program Files (x86)\wsteu12.dll
[2012.02.22 20:28:59 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\wsearch12.rsc
[2012.02.22 20:28:59 | 000,175,104 | ---- | C] () -- C:\Program Files (x86)\wnavitree12.rsc
[2012.02.22 20:28:59 | 000,147,456 | ---- | C] () -- C:\Program Files (x86)\woptions12.rsc
[2012.02.22 20:28:58 | 002,942,616 | ---- | C] () -- C:\Program Files (x86)\wmain12.dll
[2012.02.22 20:28:58 | 000,348,160 | ---- | C] () -- C:\Program Files (x86)\wmisc12.rsc
[2012.02.22 20:28:58 | 000,020,480 | ---- | C] () -- C:\Program Files (x86)\wmenus12.rsc
[2012.02.22 20:28:57 | 006,524,056 | ---- | C] () -- C:\Program Files (x86)\wkont12.dll
[2012.02.22 20:28:57 | 001,170,944 | ---- | C] () -- C:\Program Files (x86)\wimp12.dll
[2012.02.22 20:28:57 | 001,150,104 | ---- | C] () -- C:\Program Files (x86)\whau212.dll
[2012.02.22 20:28:56 | 001,138,840 | ---- | C] () -- C:\Program Files (x86)\whau112.dll
[2012.02.22 20:28:55 | 007,946,392 | ---- | C] () -- C:\Program Files (x86)\wgui12.dll
[2012.02.22 20:28:55 | 002,020,504 | ---- | C] () -- C:\Program Files (x86)\wfvie12.dll
[2012.02.22 20:28:55 | 000,135,168 | ---- | C] () -- C:\Program Files (x86)\wfanl12.rsc
[2012.02.22 20:28:54 | 003,002,520 | ---- | C] () -- C:\Program Files (x86)\wcore12.dll
[2012.02.22 20:28:54 | 001,491,096 | ---- | C] () -- C:\Program Files (x86)\wbae412.dll
[2012.02.22 20:28:54 | 001,309,848 | ---- | C] () -- C:\Program Files (x86)\wfabu12.dll
[2012.02.22 20:28:54 | 000,059,392 | ---- | C] () -- C:\Program Files (x86)\wdict12.rsc
[2012.02.22 20:28:54 | 000,029,696 | ---- | C] () -- C:\Program Files (x86)\wcmds12.rsc
[2012.02.22 20:28:53 | 001,918,616 | ---- | C] () -- C:\Program Files (x86)\wbae312.dll
[2012.02.22 20:28:53 | 001,359,000 | ---- | C] () -- C:\Program Files (x86)\wbae212.dll
[2012.02.22 20:28:52 | 004,616,856 | ---- | C] () -- C:\Program Files (x86)\wbae112.dll
[2012.02.22 20:28:52 | 004,451,992 | ---- | C] () -- C:\Program Files (x86)\wauff12.dll
[2012.02.22 20:28:52 | 000,012,288 | ---- | C] () -- C:\Program Files (x86)\wauff12.rsc
[2012.02.22 20:28:51 | 001,077,248 | ---- | C] () -- C:\Program Files (x86)\wanl12.rsc
[2012.02.22 20:28:51 | 000,794,624 | ---- | C] () -- C:\Program Files (x86)\wimp12.db3
[2012.02.22 20:28:43 | 015,691,776 | ---- | C] () -- C:\Program Files (x86)\main12.db3
[2012.02.07 17:07:20 | 002,984,960 | ---- | C] () -- C:\Program Files (x86)\ericfelder.db3
[2012.01.24 14:22:34 | 000,279,552 | ---- | C] () -- C:\Program Files (x86)\kont12.db3
[2012.01.24 14:22:34 | 000,082,944 | ---- | C] () -- C:\Program Files (x86)\fabu12.db3
[2011.11.28 12:24:20 | 000,001,092 | ---- | C] () -- C:\Program Files (x86)\sx-pdf-lib.license
[2011.11.28 12:22:16 | 000,630,272 | ---- | C] () -- C:\Program Files (x86)\stdcolors.dat
[2011.11.28 12:22:16 | 000,539,136 | ---- | C] () -- C:\Program Files (x86)\stdfonts.dat
[2011.11.28 12:22:16 | 000,132,096 | ---- | C] () -- C:\Program Files (x86)\stdannots.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Ich\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Ich\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Ich\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.28 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\7-PDFSplitMerge
[2012.06.27 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Amazon
[2012.02.22 20:34:16 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Buhl Data Service
[2012.03.19 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IGC
[2012.01.30 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia
[2012.01.30 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Nokia Suite
[2012.05.29 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\PC Suite
[2012.05.30 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Samsung
[2012.11.05 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\VideoConverterPackages
 
========== Purity Check ==========
 
 

< End of report >
Extras:
Code:
OTL Extras logfile created on: 28.02.2013 09:19:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,86% Memory free
15,96 Gb Paging File | 14,47 Gb Available in Paging File | 90,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 482,48 Gb Free Space | 51,80% Space Free | Partition Type: NTFS
 
Computer Name: GUSTAV | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065F1AEC-02D0-45CA-965F-60484E6A3936}" = lport=137 | protocol=17 | dir=in | app=system | 
"{08B298F8-CF37-4E61-BB69-E4DBD2B39EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C46D76A-0551-4873-B076-277DB8EDD332}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12D21D2C-2F57-4628-9BCB-7F9E45F56935}" = lport=139 | protocol=6 | dir=in | app=system | 
"{15DCBB77-0E96-4D1D-B71E-F660525BBD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CEE0DE4-0EDD-4F97-B0A6-14B8A0E94A88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39E7AFB6-0BC5-4E31-BCC7-D3C0F4F60151}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{42D61907-9FF3-40AE-A883-F6EC2D20E3E7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4CD9C001-FC39-4D3F-A809-2AE1C3F2F7F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53587B3E-CA62-4E6A-933D-89D83BF53B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62BBFC84-5552-403A-B612-1DA75313E310}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6C230DA3-4723-4DC1-81CD-554AD297A7F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{79D193EB-A9C3-4385-B81F-00F625BAF8F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C75AD43-5283-4917-BE3E-0FB42CE2843B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95CCF9C1-0D28-41A6-B360-FAB05FB9153B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9F2B4043-94B0-4B8A-B470-000CA78CAB29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0B19584-EC71-4304-806F-B786F104583D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B01CBA96-6F80-41C0-93DC-DB82DAE50549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5F9A822-046A-4F5A-BA40-07602E672E57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA1EF199-A0EF-4CA1-B2E1-B8312ED9210F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE4A9349-C68F-4781-9527-50B105C13925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E1669FFD-7701-4681-9061-CF03BD5A8B58}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F5C2CCC7-2E8A-4125-952B-A5F5B9360289}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7237BA5-C682-4582-B79B-DCB3B8DB9629}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7E44310-82E1-424A-AD45-8AAB17FE79F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD1EA830-30DB-482D-B32C-1A561E98C869}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058A6410-DED0-4CE5-94DA-C72662F9CA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0920A3D1-24B5-409C-94BB-53CC27BC0D85}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0A86D310-A323-4C0E-8BF6-CCC3DE240F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{19ABEF8F-E669-460B-8258-DAADC451F33D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{2168A2F9-7D38-4A5D-846B-3DC1EE483911}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{251783E6-CEF0-4F11-82F6-0EE51D948F31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C1F2592-D189-4D21-A188-221D7E1C3CC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{311CFBE1-3FB3-4B16-AA4C-88342FC63929}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{3442C925-E071-46A8-BEC0-6303880C2786}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{3C6B1EDB-5284-48F4-B711-E7B719F479D1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{3FDD4753-9DEA-42E5-A3EB-F26F0D88B15A}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{4366A16B-9D78-4CE8-9725-68FAB08074B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{46AAE60D-DF59-4761-87E1-75088A8A8BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{4A1430D4-8F20-4912-ACCF-C124610FF956}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{4DB4A900-EECB-41DC-8F00-5178D04EECD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5128C561-0E93-4261-9DFA-E30DA1A828DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58EB3777-6F75-4CE0-B699-CDDED0C96F54}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{59B4264C-7656-4907-93B8-E8D8D8E2770A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60967B96-B56E-407C-9575-0616F1A3BACD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{62AF430A-F9AC-4293-A2EC-C6128786AF23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6DEA5188-2DEF-4002-B82D-5E74F542EB10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F38A142-A939-4592-BFEA-214649CFA809}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74277108-31B3-45DC-8A88-DDC3D42F8DF9}" = protocol=6 | dir=out | app=system | 
"{7BC08BB2-002F-4BB0-8E5E-15EB81C55FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{7C816FE0-173D-42A8-8A7E-DC8390A016EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7DAAE5E6-B769-43C1-9B9F-332DD830BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{7E06817A-382E-49D0-932C-5674C019E0C7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8914C035-4420-4739-85A7-362C439E0E12}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8CAEB65D-094B-48E9-A681-4DF41B8C750B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{907A6B60-B842-49E9-9251-7B3A6F055658}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{ADE0E6E2-239F-42FB-BDF0-48F36BCF2ACE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5EBEA4E-2FA6-47E7-BED5-177189BDCD3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6AF50D0-31FC-4050-B1CA-16F39A2EC7B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB1FFC45-CCD5-4193-8508-F8613187D9C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB5DC8FA-0A9D-4017-BB1F-F81DA65B6B51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BE6A1F64-4282-4397-BBDE-85315C9C90A5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{C11E58F6-6B8D-4D08-B0CE-F36DD75AC9D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2A65488-114A-4F81-B3CC-5668E94C5D2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA454D2E-9D16-410F-A77A-D73ECDD92F7A}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{D0C10BC5-88D1-499D-A6C9-338120EFEEF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5FA3BDB-A0EC-4A0D-9EEA-27590979EF55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8F82EC4-6877-48B5-89B4-EC18B03AE8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{DCFD7AB1-B104-4809-9CDA-0C6FF0A1DCEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{E3495DDC-4F5F-43F0-AD9E-5B25D27A7E61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E62A8467-D57A-4C29-8360-34F5CC39DC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EAE8E771-EC60-4ED4-8A45-20C2A299BCFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC250733-3D90-4138-969F-B90BBF9514EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F275358E-555F-4E71-A9B4-AD51CD70C026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"TCP Query User{3BC4F508-D92D-46AC-A99D-4C3989BD30C5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B6604DBA-28C4-4014-A417-0F0923001EF1}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"TCP Query User{E1335670-138B-4233-B2BE-692FF5D7C313}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"TCP Query User{E2FE777A-4912-434B-96F9-DA4ACFBB4128}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"TCP Query User{FF8BB4A4-B310-4962-9356-197CA90C4CE8}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=6 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
"UDP Query User{02D7C4BB-1942-42DD-BBEF-8F095419502E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{243B1CA9-7596-4A44-B2D5-A5E972F13939}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"UDP Query User{67CE6BAC-A9C2-497C-8400-24A89AE468D3}C:\users\ich\appdata\roaming\acuq\mucov.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\acuq\mucov.exe | 
"UDP Query User{9A2BB7B2-5A70-4D6A-98D0-DFC07D1F620F}C:\users\ich\appdata\roaming\tyihek\erzo.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\tyihek\erzo.exe | 
"UDP Query User{B15E242B-AC83-446E-831B-933EA0FF4239}C:\users\ich\appdata\roaming\yphyry\ocgu.exe" = protocol=17 | dir=in | app=c:\users\ich\appdata\roaming\yphyry\ocgu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d7f3e9a-db7d-487e-b7f9-65e7fbe084f4}" = Nero 9 Essentials
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Split & Merge_is1" = 7-PDF Split & Merge Version 2.0.4 (Build 112)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.40
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-1670 Series" = Samsung ML-1670 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WinLiveSuite" = Windows Live Essentials
"XFastUsb" = XFastUsb
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-477487753-2087711152-3356809368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Video Converter" = Video Converter
"Video Converter Packages" = Video Converter Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2013 18:01:21 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Program winamp.exe, version 5.6.2.3199, stopped interacting with Windows and was closed. Check the problem history in the Action Center control panel for more information about the problem.    Process ID: 1b34    Start time: 01ce03231f42bc61    End time: 15    Application path: C:\Program Files (x86)\Winamp\winamp.exe
Report ID: 6465cdd4-6f16-11e2-b039-002522c932d1
 
Error - 05.02.2013 04:41:10 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Program winamp.exe, version 5.6.2.3199, stopped interacting with Windows and was closed. Check the problem history in the Action Center control panel for more information about the problem.    Process ID: 11d0    Start time: 01ce032791487971    End time: 10    Application path: C:\Program Files (x86)\Winamp\winamp.exe
Report ID: c691729d-6f6f-11e2-b039-002522c932d1
 
Error - 05.02.2013 04:41:21 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp: 0x4ee2440b  Faulting module name: winamp.exe, version: 5.6.2.3199, time stamp: 0x4ee2440b  Exception code: 0xc0000005  Fault offset: 0x0004029b  Faulting process id: 0xd34  Faulting application start time: 0x01ce037c8c4875cb  Faulting application path: C:\Program Files (x86)\Winamp\winamp.exe  Faulting module path: C:\Program Files (x86)\Winamp\winamp.exe  Report Id: d051ca01-6f6f-11e2-b039-002522c932d1
 
Error - 05.02.2013 04:52:58 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp: 0x4ee2440b  Faulting module name: gen_ml.dll, version: 0.0.0.0, time stamp: 0x4ee24417  Exception code: 0xc0000005  Fault offset: 0x000133a7  Faulting process id: 0xbd8  Faulting application start time: 0x01ce037e18916c9a  Faulting application path: C:\Program Files (x86)\Winamp\winamp.exe  Faulting module path: C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll  Report Id: 7027a49b-6f71-11e2-b039-002522c932d1
 
Error - 22.02.2013 15:00:29 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Program firefox.exe, version 19.0.0.4794, stopped interacting with Windows and was closed. Check the problem history in the Action Center control panel for more information about the problem.    Process ID: 1198    Start time: 01ce112d7fba1736    End time: 80    Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report ID: 1af1d5ef-7d22-11e2-8090-002522c932d1
 
Error - 22.02.2013 15:01:33 | Computer Name = Gustav | Source = Application Hang | ID = 1002
Description = Program firefox.exe, version 19.0.0.4794, stopped interacting with Windows and was closed. Check the problem history in the Action Center control panel for more information about the problem.    Process ID: e70    Start time: 01ce112eebef34a2    End time: 46    Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report ID: 42020162-7d22-11e2-8090-002522c932d1
 
Error - 26.02.2013 12:31:08 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1707, time stamp: 0x509be8bf  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e3be  Faulting process id: 0x170c  Faulting application start time: 0x01ce1421a9666c99  Faulting application path: C:\Users\Ich\Desktop\aswMBR.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: ebca842d-8031-11e2-b02c-002522c932d1
 
Error - 26.02.2013 12:34:24 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1707, time stamp: 0x509be8bf  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e3be  Faulting process id: 0x1430  Faulting application start time: 0x01ce143ebfbe6ed6  Faulting application path: C:\Users\Ich\Desktop\aswMBR.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 609cd1a2-8032-11e2-b02c-002522c932d1
 
Error - 26.02.2013 12:44:06 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1707, time stamp: 0x509be8bf  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e3be  Faulting process id: 0x16fc  Faulting application start time: 0x01ce14402a0aa48d  Faulting application path: C:\Users\Ich\Desktop\aswMBR.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: bb7e5dd2-8033-11e2-b02c-002522c932d1
 
Error - 26.02.2013 13:31:41 | Computer Name = Gustav | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1707, time stamp: 0x509be8bf  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e3be  Faulting process id: 0xfb8  Faulting application start time: 0x01ce14469bde19d4  Faulting application path: C:\Users\Ich\Desktop\aswMBR.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 619aeb44-803a-11e2-87c6-002522c932d1
 
[ System Events ]
Error - 27.02.2013 08:16:11 | Computer Name = Gustav | Source = Service Control Manager | ID = 7034
Description = The "NVIDIA Stereoscopic 3D Driver Service" service terminated unexpectedly. It has done this 1 time(s).
 
Error - 27.02.2013 08:31:47 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 27.02.2013 08:31:47 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 27.02.2013 08:31:48 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 27.02.2013 08:31:48 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 27.02.2013 08:33:18 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error - 27.02.2013 08:33:19 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error - 27.02.2013 08:33:19 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error - 27.02.2013 08:33:20 | Computer Name = Gustav | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error - 27.02.2013 14:28:02 | Computer Name = Gustav | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Best regards

Maik

Last edited by Maik Th (28.02.2013 at 12:00)

01.03.2013, 09:56   #14
Psychotic
/// Malwareteam

Rechner bereinigen nach Trojaner befall (IPH.Trojan.Zbot.Rke)



Looks quite good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure all findings are ticked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".



Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and run ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


01.03.2013, 19:38   #15
Maik Th

Rechner bereinigen nach Trojaner befall (IPH.Trojan.Zbot.Rke)



Hello Marius,

I scanned 3 times with different results.
1. Malwarebytes found nothing.
2. ESET reported 3 detections.
3. Malwarebytes reported 3 detections.

1. Malwarebytes:
Code:
Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.26.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Protection: Disabled

28.02.2013 13:46:21
mbam-log-2013-02-28 (13-46-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226410
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
2. ESET:
Code:
C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe	a variant of Win32/Injector.ADID trojan
C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe	a variant of Win32/Injector.ADID trojan
C:\_OTL\MovedFiles\02272013_131611\C_Users\Ich\AppData\Roaming\Tyihek\erzo.exe	Win32/Spy.Zbot.AAO trojan
         
3. Malwarebytes, now too:
Code:
Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: GUSTAV [Administrator]

Protection: Disabled

01.03.2013 18:15:46
mbam-log-2013-03-01 (18-15-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 503466
Time elapsed: 1 hour(s), 8 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe (Trojan.Agent.MU) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe (Trojan.Agent.MU) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02272013_131611\C_Users\Ich\AppData\Roaming\Tyihek\erzo.exe (Trojan.Agent.MU) -> Quarantined and deleted successfully.

(end)
         
What now??

Regards,

Maik
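The three hits in the ESET and Malwarebytes logs above share one property: every path is under C:\_OTL\MovedFiles, the folder OTL moves files into when a fix script runs, so both scanners are flagging files that had already been taken out of their original locations rather than an active infection. The script below is an added example, not part of the thread and not code from either scanner: it parses both log formats, merges hits by file path (case-folded, since NTFS paths are case-insensitive) and separates hits inside a known quarantine/move folder from hits in live locations, which are the ones that still need attention. The sample logs are constructed after the ones posted, with one extra hypothetical hit in a live folder to exercise that branch; the regexes, function names and the list of quarantine folders are assumptions.

```python
"""Correlate file detections from an ESET Online Scanner log and a
Malwarebytes Anti-Malware 1.x log (added example; the log samples are
constructed after the ones posted in the thread)."""
import re
from typing import Dict, List, Tuple

# ESET Online Scanner log.txt: one hit per line, "<path><TAB><threat name>".
_ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\[^\t]+)\t(?P<threat>.+?)\s*$")

# MBAM 1.x log: "<path> (<threat name>) -> <action taken>."
_MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\s*$"
)

# Folders whose contents are already out of the normal execution path.
# C:\_OTL\MovedFiles is where OTL moves files during a fix; add other tools'
# quarantine folders here (assumption: this is the only one on this machine).
QUARANTINE_PREFIXES = ("c:\\_otl\\movedfiles\\",)

# Constructed sample input shaped like the ESET log in the thread; the last
# line is hypothetical (a hit outside any quarantine folder).
ESET_LOG = "\n".join([
    r"C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe"
    "\ta variant of Win32/Injector.ADID trojan",
    r"C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe"
    "\ta variant of Win32/Injector.ADID trojan",
    r"C:\_OTL\MovedFiles\02272013_131611\C_Users\Ich\AppData\Roaming\Tyihek\erzo.exe"
    "\tWin32/Spy.Zbot.AAO trojan",
    r"C:\Users\Ich\AppData\Roaming\ConstructedExample\live_example.exe"
    "\tWin32/Spy.Zbot.AAO trojan",
])

# Constructed sample input shaped like the MBAM "Files Detected" section.
MBAM_LOG = "\n".join([
    "Files Detected: 3",
    r"C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Local\Temp\Pfrydrtbr\illxsejmxw.exe"
    " (Trojan.Agent.MU) -> Quarantined and deleted successfully.",
    r"C:\_OTL\MovedFiles\02272013_115117\C_Users\Ich\AppData\Roaming\Lopk\fihjnzlry.exe"
    " (Trojan.Agent.MU) -> Quarantined and deleted successfully.",
    r"C:\_OTL\MovedFiles\02272013_131611\C_Users\Ich\AppData\Roaming\Tyihek\erzo.exe"
    " (Trojan.Agent.MU) -> Quarantined and deleted successfully.",
])


def parse_eset(text: str) -> List[Tuple[str, str]]:
    """Return (path, threat) pairs; lines that are not hits are skipped."""
    return [(m.group("path"), m.group("threat"))
            for m in map(_ESET_LINE.match, text.splitlines()) if m]


def parse_mbam(text: str) -> List[Tuple[str, str, str]]:
    """Return (path, threat, action) triples; header lines such as
    'Files Detected: 3' do not match the pattern and are skipped."""
    return [(m.group("path"), m.group("threat"), m.group("action"))
            for m in map(_MBAM_LINE.match, text.splitlines()) if m]


def is_quarantined(path: str) -> bool:
    """True if the path lies under a known quarantine/move folder."""
    p = path.lower()
    return any(p.startswith(prefix) for prefix in QUARANTINE_PREFIXES)


def correlate(eset: List[Tuple[str, str]],
              mbam: List[Tuple[str, str, str]]) -> Dict[str, dict]:
    """Merge both scanners' hits into one record per file, keyed by the
    case-folded path (NTFS paths are case-insensitive)."""
    report: Dict[str, dict] = {}

    def rec(path: str) -> dict:
        key = path.lower()
        if key not in report:
            report[key] = {"path": path, "eset": None, "mbam": None,
                           "action": None, "quarantined": is_quarantined(path)}
        return report[key]

    for path, threat in eset:
        rec(path)["eset"] = threat
    for path, threat, action in mbam:
        r = rec(path)
        r["mbam"], r["action"] = threat, action
    return report


def live_hits(report: Dict[str, dict]) -> List[str]:
    """Paths flagged by at least one scanner that are NOT in quarantine."""
    return sorted(r["path"] for r in report.values() if not r["quarantined"])


if __name__ == "__main__":
    rep = correlate(parse_eset(ESET_LOG), parse_mbam(MBAM_LOG))
    for r in rep.values():
        where = "quarantine" if r["quarantined"] else "LIVE"
        print(f"[{where}] {r['path']}")
        print(f"    ESET: {r['eset']}  MBAM: {r['mbam']} -> {r['action']}")
    print("still needs attention:", live_hits(rep))
```

With the three posted hits the live list comes back empty; only the constructed fourth line lands in it. Detections inside a move or quarantine folder are expected after a fix (OTL kept the files there instead of deleting them) and are cleaned up by letting the scanner remove them or by emptying that folder, whereas a hit under a live path such as AppData\Roaming means the cleanup is not finished.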
