
Log analysis and evaluation: Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 found and removed. What now?

Windows 7

04.06.2013, 12:56   #1
barista
 

Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 found and removed. What now?



During a routine backup of my laptop with Windows Backup I received an error message about a backup that had not completed properly (that was 8 days ago; I was then travelling for a week and the computer was not in use). After some searching I found a hint on the Internet that the cause might possibly be malware. I then ran a full scan (I usually only do quick scans) with MSE (yesterday), which found the items named in the subject. I removed them via the function built into MSE, although Rogue:Win32/Winwebsec was listed again as "Quarantined" 20 minutes after the removal.

So far I have not noticed any abnormal behaviour on my computer (except that it was sometimes slow - but that could also be my imagination - and my Internet connection dropped from time to time; that too can of course have other causes).

I have since completed the backup successfully (the last one before that without the error message described above was 7 weeks ago).

8 days ago I copied quite a lot of data to a netbook that I took with me on a trip. That netbook appears (according to MSE) to be clean.

The question now is whether my computer (the infected laptop) is actually clean and whether I should/must change all passwords as a precaution.

The computer is also used for electronic banking and purchases in online shops (Amazon, eBay, hotel and flight bookings, etc.).
I use the Firefox password manager to store passwords. The e-mail passwords are stored in Thunderbird. For storing other passwords I use KeePass. The password file is synchronised with a mobile phone via Dropbox.

Here are the logfiles (I will supply GMER.txt as soon as the scan finishes; it has already been running for 6 hours):
Code:
OTL logfile created on: 04.06.2013 08:07:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 65,66% Memory free
6,90 Gb Paging File | 5,66 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,86 Gb Total Space | 17,41 Gb Free Space | 7,51% Space Free | Partition Type: NTFS
Drive F: | 750,00 Mb Total Space | 541,25 Mb Free Space | 72,17% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-NB | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 08:05:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013.05.23 20:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.19 13:48:10 | 001,404,768 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMAgent.exe
PRC - [2012.11.19 13:48:04 | 000,921,440 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMScan.exe
PRC - [2012.09.17 17:40:04 | 001,910,984 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\a.sign Client\ASignLauncher.exe
PRC - [2012.08.20 12:51:56 | 003,609,800 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
PRC - [2011.08.04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.07.25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011.07.19 05:53:07 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.29 12:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe
PRC - [2009.06.19 14:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.06.09 10:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
PRC - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe
PRC - [2009.02.01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.01.31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.11.24 13:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003.02.21 14:16:16 | 000,061,440 | R--- | M] (Tracker Software Products) -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.20 12:52:20 | 000,007,368 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll
MOD - [2012.08.20 12:52:18 | 002,393,288 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll
MOD - [2012.08.20 12:52:16 | 000,406,728 | ---- | M] () -- C:\Programme\A-Trust GmbH\a.sign Client\plug_acSecurityLayer.dll
MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 16:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
MOD - [2003.04.27 16:02:28 | 000,011,264 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xmf.dll
MOD - [2003.02.05 16:22:04 | 000,017,920 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\xc_local.dll
MOD - [2003.01.23 14:55:00 | 000,018,944 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xcx.dll
MOD - [2003.01.22 18:29:32 | 000,024,576 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_jb2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 09:40:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.13 18:39:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe -- (STacSV)
SRV - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.03.26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012.01.31 16:37:42 | 000,587,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2012.01.31 16:37:42 | 000,551,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2012.01.31 16:37:42 | 000,032,512 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 09:56:26 | 000,059,136 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.11.16 09:56:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.28 09:57:32 | 000,544,000 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2009.07.29 13:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.06.15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.06.13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2009.05.28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008.09.18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.06.03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 12 C8 E2 98 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Michael/Documents/_MPO/Computer/Internet/Startseite/Startseite.html"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 17:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.26 17:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.08 14:34:41 | 000,000,000 | ---D | M]
 
[2012.10.20 12:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.10.26 08:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e0uuplke.default\extensions
[2013.05.26 17:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:39:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ACSW14DE] "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" /pid ACSW14DE File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A0E855-CD77-4DE4-9F63-EB21BBBA998B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EEF76ED-55AE-4BB2-896C-D02FF104533E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.26 13:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync
[2013.05.26 13:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[2013.05.11 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
[2013.05.11 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2013.05.11 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013.05.11 14:14:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\4Free
[2013.05.11 14:08:20 | 034,173,045 | ---- | C] (4Free Studio                                                ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe
[2013.05.06 09:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 08:07:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 08:07:25 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 08:00:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.04 08:00:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 08:00:04 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 07:59:01 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.06.04 07:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 07:34:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 22:50:50 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 22:50:50 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 22:50:50 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 22:50:50 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.15 11:10:57 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.13 08:51:06 | 000,007,626 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2013.05.11 14:10:02 | 034,173,045 | ---- | M] (4Free Studio                                                ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.04 07:58:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.05.26 17:39:32 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.16 17:31:22 | 000,007,626 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012.09.21 13:49:02 | 000,002,157 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2012.09.18 11:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2012.09.18 11:10:17 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012.09.18 11:06:58 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012.09.18 11:02:03 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL
[2012.09.14 15:46:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.13 03:16:08 | 000,696,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.09.13 03:16:08 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.09.13 03:16:08 | 000,148,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.09.13 03:16:08 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 15:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.11 14:14:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\4Free
[2013.04.19 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\A-Trust GmbH
[2012.10.08 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2012.12.20 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2012.10.26 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GoPal Assistant
[2012.10.14 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iSpy
[2012.10.17 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.03.01 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mindjet
[2012.12.20 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NewSoft
[2012.12.12 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PE International
[2012.09.18 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 04.06.2013 08:07:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 65,66% Memory free
6,90 Gb Paging File | 5,66 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,86 Gb Total Space | 17,41 Gb Free Space | 7,51% Space Free | Partition Type: NTFS
Drive F: | 750,00 Mb Total Space | 541,25 Mb Free Space | 72,17% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-NB | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043E0F3-2D10-4553-B609-FAC703062E42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06598837-B626-454C-9AB5-5B8A1356E630}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{278FA260-A016-45C5-8214-AFACE767A16D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{27F47857-3003-4F17-964B-585852F9AF63}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2C751129-A713-4452-9D95-12E3463A4A64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2CDA500E-9AA5-481C-809F-EA87ECDD5521}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C95FD9A-9622-4417-9564-7AACFC0AA17E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4E42DF28-432A-4F18-8E63-16590DDB9912}" = rport=445 | protocol=6 | dir=out | app=system | 
"{511F6A57-0B3A-49E0-B254-7C6FA74CCF07}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5894C8CF-E855-4F5B-AC74-4993CC8C4665}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D56C665-B148-4239-867A-F8187162886E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{60EDB3ED-411B-49B7-B7FA-0EDFC5B39A0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{64302A08-7105-42CD-AF55-A216FB4E5011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73D7D09D-AC30-42F3-A03B-3EE905DFCB1A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{82BE1EDB-8A91-4FF4-B267-381357709692}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99E6C71C-13CD-4CAC-9419-4226A610BB1F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F915A0B-E517-4C39-8DA4-45FB26C8226B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6B88FE1-94A6-42E0-AEFE-DB8A388D6BF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{D1AFED1E-0D24-4EE9-AB13-37B907782896}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1FED3C5-5055-400B-95F5-BCDB38E57309}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D677561D-303D-4C7A-8174-E626A56863A2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC1145E8-15B7-4E4A-A79F-204C6C4673EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4C45AAC-8E08-4EAE-A3D1-3B4C6A2EDA98}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE569177-3EB6-4881-8BAD-279E20DA846A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0535AF3A-6136-4A25-8155-DBF45CA6C3A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0B2B2E1E-1DCD-4797-A6AD-FA80E8CB4A3D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0CEDEA87-58E3-4F53-B115-98C17747E9EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D773065-9407-4DC8-A314-16E2C759E6B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15F8C39C-0EBE-44C0-857D-01B58727FDF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{18441C4E-1848-4FC7-9715-6F62598C5A17}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1926A7B4-56C8-44A1-B4DC-9E18085C4C1A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1FE14406-10CE-42CB-9560-1C9C95942887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21D27F2F-B8A5-4895-AC15-C3906D65AE6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{22A538B1-3149-4484-B4CA-7FCC05A99F40}" = protocol=17 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\einstellungen.exe | 
"{24FE52BE-86C8-4D55-A38D-8E44BE0B1F4C}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{290C6B69-AC05-4E69-A51B-4EBCEC49E814}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{315EEEA0-D7BB-4251-8591-36B854B038AE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{33E26CA1-E93F-4C37-8C79-A27F660E37C9}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{3A5994FC-34D0-444A-B109-C9DB56D7C2AA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4587B0F8-9368-412A-8A2B-70ACCD1ADE68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DC93CEF-F4CE-43E9-9642-54C94EA2A60C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E318F93-E6E9-40ED-AE0F-51573CCB6FAC}" = protocol=6 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\einstellungen.exe | 
"{50471E20-30A0-4FA9-95DF-D2A4C7F9AEFF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5EBB195A-67D5-4A9F-8F1E-E39C2B0F3159}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{63653F92-DF97-419E-957F-00DA61BF373A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64B12A9D-1A36-49C2-8984-3099D2EE3979}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6E11FB3D-3E82-451A-828E-202C2E0E9C9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{76A7713A-B3A6-4E43-BB47-8BD01879BB5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7F67A26E-9295-42E9-9363-B1587B956E0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{80EC4CF4-8CF7-4B43-9EB9-311942A356DB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8887879D-82AE-4081-BFC2-B92C451E0268}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8D4AF41A-F80A-4591-B05C-E900ED44C42A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{90263D9A-2519-427B-B99A-41ED12563193}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B628851-88A3-4766-AE49-C117EBD9FC8F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9EC325EB-22F2-4698-9203-882CEA97E66C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9ED4B4F8-3E53-4E0B-9F5C-5BAADEB34A40}" = protocol=17 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\acsecuritylayer.exe | 
"{A3F6DCA2-6BAA-4103-BDCA-236283EE9522}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A46B6304-4DC2-4737-A0AE-BEC61F3EFBD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AE9A6755-CAE0-4E5B-AA6C-DEDD1FEEB204}" = protocol=6 | dir=in | app=c:\program files\a-trust gmbh\bürgerkartensoftware\acsecuritylayer.exe | 
"{B61A50FE-5213-45B4-B97F-17176C866EAC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B8D7C0CA-3472-45DE-8171-DB3440E83552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C38C2910-C1F5-4478-905F-2B9E54DC57BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C946CC99-0FA1-40F5-A7E0-8CD41625A9A5}" = protocol=6 | dir=out | app=system | 
"{D1992807-8EF1-460E-BDB1-DF9BA9E5A741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1BF2B27-FD0D-46AE-90DC-E7DD4D2A2663}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D38CA991-C7B1-4315-ABAE-E5AD16B31682}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E45E17B0-5261-4122-BEAC-BC05CBE21879}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EA3CA5C3-2AC5-4F85-92D8-80BA9AB862D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EAB1D282-35CE-4683-A9EE-7F9CC74C3F97}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EFB013F2-773C-4A2C-B609-EB9F77CBEA77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB0DEE4D-A5AD-4FE1-950C-C11F3612F874}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FBB9C2F9-56A5-41EF-93FA-E651E89A55D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF133A0F-085C-4598-8DA0-8F67330FEFBC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0CCA6A88-3FC2-45E5-8F2F-EAA31DD3ABB6}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"TCP Query User{2978AA96-E0BF-456D-B470-21C0D24D4B52}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3AC6690C-E211-4496-AE98-5FB585EC4EFF}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{AA2D9884-ED71-4989-B6C2-39F1213B3FBF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{B76A566B-15F5-4A4A-8EAB-798470615BFA}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"TCP Query User{C3A02543-5B42-444A-B19C-92774420D690}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{010819A0-FDD1-47D9-AB3E-6F41B328FE92}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{0193A1A0-EDE8-41AE-8D7F-9ECA84D6B547}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1B4EA5C9-6590-433D-A58B-F75369CCD4CD}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
"UDP Query User{308A72D6-A4C6-4E5E-9458-F29D36959D56}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{791F1F9D-D7A7-4F2F-819E-C61ABA30682D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{FF8BB390-F62F-421C-8C4B-4400451058A5}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series" = Canon MX890 series MP Drivers
"{14EEBDFB-6217-4F98-8563-8342C42E8571}" = Snagit 11
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{867F4564-412F-40BD-8D89-2FB679C52A41}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96D198CA-AE1F-4A5E-96AB-77376BD08A62}" = AquaSoft DiaShow 7 Blue Net
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6C8CD51-1AE4-474D-BA2D-125CDBEADD03}" = MEDION GoPal Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACA253A0-E903-4684-86AB-E4A09C47F1F7}" = MindManager X5 Pro
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = USB2.0 PC Camera
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EECA3522-2FAB-449C-873A-37B5109BD72E}" = Mobile Master
"{F1D70D18-6CDC-4839-A01B-660D19CA3A5E}" = iSpy
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
"{FBBCDE19-2EBB-437D-BB44-B8899E56EA9E}" = SE309
"a.sign Bürgerkartensoftware" = a.sign Bürgerkartensoftware 1.4.2.1
"a.sign Client" = a.sign Client 1.3.1.15
"a.sign PDF" = a.sign PDF 1.11.9.2a
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AquaSoft DiaShow 7 Blue Net" = AquaSoft DiaShow 7 Blue Net
"asignPDFverify" = asignPDFverify 1.0.9.0
"bob internet" = bob internet
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon MX890 series Benutzerregistrierung" = Canon MX890 series Benutzerregistrierung
"Canon MX890 series On-screen Manual" = Canon MX890 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)  
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EcoScan 3.0" = EcoScan 3.0
"FreeFileSync" = FreeFileSync 5.15
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Master" = Mobile Master 8.5.8
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Picasa 3" = Picasa 3
"Pixum Fotobuch" = Pixum Fotobuch
"PROSet" = Intel(R) Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"SE309" = SE309
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Speed Dial Utility" = Canon Kurzwahlprogramm
"TERRATEC Grabby" = TERRATEC Grabby V5.09.1202.00
"VLC media player" = VLC media player 2.0.6
"XMind" = XMind
"XnConvert_is1" = XnConvert 1.55
"XnView_is1" = XnView 1.99.6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2013 10:09:01 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158435
 
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092
 
Error - 15.03.2013 10:40:54 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2106
 
Error - 15.03.2013 10:40:55 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2106
 
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 90075
 
Error - 15.03.2013 10:42:22 | Computer Name = Michael-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 90075
 
[ System Events ]
Error - 02.06.2013 17:17:42 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 02.06.2013 17:17:42 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 104.0.0.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%886     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 2.1.9510.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:33:32 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9506.0     Fehlercode:
 0x80072ee2     Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 
 
Error - 03.06.2013 02:34:05 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:34:05 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:34:29 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 104.0.0.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%886     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 2.1.9510.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9506.0     Fehlercode:
 0x80072ee2     Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 
 
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.151.950.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.950.0&asdelta=1.151.950.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9506.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 03.06.2013 02:39:22 | Computer Name = Michael-NB | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 104.0.0.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=2.1.9510.0&sig=104.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%886     Aktualisierungstyp: %%803     Benutzer: Michael-NB\Michael     Aktuelle Modulversion:
      Vorherige Modulversion: 2.1.9510.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
 
< End of report >

Thanks for your support!

Regards,
barista

P.S.: You received a donation today :-)

04.06.2013, 13:09   #2
aharonov
/// TB-Ausbilder

Hello barista,

Quote:
P.S.: You received a donation today :-)
Well then, we don't have to make an effort anymore.
Joking aside, many thanks for that!

I'm still waiting for the Gmer log.

And:
Quote:
I then ran a full scan with MSE (yesterday; normally I mostly only run quick scans), which found the items named in the subject.
Could you please also post an MSE report file in which these detections are documented?

04.06.2013, 13:21   #3
barista

Hello aharonov,

Quote (aharonov):
Well then, we don't have to make an effort anymore.
I didn't assume that support would be discontinued right away. Your presence here seems far too committed for that ;-)

Quote (aharonov):
Could you please also post an MSE report file in which these detections are documented?
Where do I find that? I copied the "detection" by hand from the MSE history. But one can't (I can't?) copy text out of there.

Regards,
barista

04.06.2013, 13:30   #4
aharonov
/// TB-Ausbilder

Hello,

Quote:
Where do I find that? I copied the "detection" by hand from the MSE history. But one can't (I can't?) copy text out of there.
(Detailed) log files should be under C:\ProgramData\Microsoft\Microsoft Antimalware\Support or under C:\ProgramData\Microsoft\Microsoft Security Essentials\Support.

I simply need the file names of the detections including their full paths. Otherwise you can also copy them from the history, or take a screenshot, or whatever works.
cheers,
Leo

04.06.2013, 13:51   #5
barista

Hello Leo,

these are the last lines from a log file that I found under the first path you mentioned (the lines before this excerpt refer to a quick scan one week earlier that found nothing):
Code:
2013-06-02T20:47:36.706Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2013-06-02T20:47:41.295Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.950.0 AV 1.151.950.0
2013-06-02T21:03:09.641Z DETECTION Exploit:Java/CVE-2013-2423 file:\Device\HarddiskVolumeShadowCopy7\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T04:28:30.519Z DETECTION Exploit:Java/CVE-2013-2423 file:\Device\HarddiskVolumeShadowCopy10\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T05:26:24.578Z DETECTION Exploit:Java/CVE-2013-2423 file:\Device\HarddiskVolumeShadowCopy13\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T06:42:51.596Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.1481.0 AV 1.151.1481.0
2013-06-03T13:43:37.864Z DETECTION Rogue:Win32/Winwebsec file:C:\Users\Michael\AppData\Local\Temp\B23E.tmp->(PECompact2 v2.50+)
2013-06-03T13:43:37.869Z DETECTION PWS:Win32/Fareit file:C:\Users\Michael\AppData\Local\Temp\BFA7.tmp
2013-06-03T13:43:37.873Z DETECTION Exploit:Java/CVE-2013-2423 file:C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T15:53:39.627Z DETECTION Rogue:Win32/Winwebsec file:C:\Users\Michael\AppData\Local\Temp\B23E.tmp->(PECompact2 v2.50+)
2013-06-04T05:33:11.198Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2013-06-04T05:33:17.533Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.1519.0 AV 1.151.1519.0
2013-06-04T06:00:17.312Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2013-06-04T06:00:23.988Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.1519.0 AV 1.151.1519.0
Is that enough for you? There is also a second, much larger log file.

Regards,
Michael


Edited by barista (04.06.2013 at 14:08) Reason: typo
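The MPLog excerpt above, read by a small parser. This is an added example for the thread, not part of the post and not a Microsoft tool; everything it assumes about the format is inferred from the excerpt alone (an ISO-8601 UTC timestamp, followed by either a `Version: ... Engine <v> ... AV <v>` line or a `DETECTION <threat> file:<path>` line, with `->` separating an outer file from an archive member or unpacker layer). The sample lines are copied from the post. Three things the structured view makes visible: the earliest Java detection sits under `\Device\HarddiskVolumeShadowCopy7`, i.e. inside a Volume Shadow Copy snapshot rather than on the live volume; the live-volume detections at 13:43 were made with signature set 1.151.1481.0, the snapshot one with 1.151.950.0; and B23E.tmp was flagged twice, about two hours apart.

```python
"""Pull the DETECTION records out of a Microsoft Security Essentials MPLog.

Added example for this thread; it is neither part of the forum post nor a
Microsoft tool. The format is inferred solely from the excerpt quoted above:
an ISO-8601 UTC timestamp followed by either
  "Version: Product ... Engine <v> AS <v> AV <v>"  (signature set now in use)
  "DETECTION <threat> file:<path>[-><member>]"     (one detection)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the lines from the MPLog excerpt in the post.
SAMPLE_LOG = r"""
2013-06-02T20:47:41.295Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.950.0 AV 1.151.950.0
2013-06-02T21:03:09.641Z DETECTION Exploit:Java/CVE-2013-2423 file:\Device\HarddiskVolumeShadowCopy7\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T06:42:51.596Z Version: Product 4.2.223.0 Service 4.2.223.0 Engine 1.1.9506.0 AS 1.151.1481.0 AV 1.151.1481.0
2013-06-03T13:43:37.864Z DETECTION Rogue:Win32/Winwebsec file:C:\Users\Michael\AppData\Local\Temp\B23E.tmp->(PECompact2 v2.50+)
2013-06-03T13:43:37.869Z DETECTION PWS:Win32/Fareit file:C:\Users\Michael\AppData\Local\Temp\BFA7.tmp
2013-06-03T13:43:37.873Z DETECTION Exploit:Java/CVE-2013-2423 file:C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5182ea6-5b965eda->Abc.class
2013-06-03T15:53:39.627Z DETECTION Rogue:Win32/Winwebsec file:C:\Users\Michael\AppData\Local\Temp\B23E.tmp->(PECompact2 v2.50+)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z)\s+(?P<rest>.*)$")
VERSION_RE = re.compile(r"^Version:.*\bEngine\s+(?P<engine>\S+).*\bAV\s+(?P<av>\S+)")
DETECTION_RE = re.compile(r"^DETECTION\s+(?P<threat>\S+)\s+file:(?P<path>.+)$")
# \Device\HarddiskVolumeShadowCopy<N>\... is a VSS snapshot, not the live volume.
SHADOW_RE = re.compile(r"^\\Device\\HarddiskVolumeShadowCopy(\d+)(\\.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:(\\.*)$")


@dataclass
class Detection:
    timestamp: str
    threat: str
    path: str                    # outer file exactly as logged
    member: Optional[str]        # text after "->": archive member or unpacker layer
    engine: Optional[str]        # engine version in force when the line was written
    av_signature: Optional[str]  # AV signature set in force when the line was written
    shadow_copy: Optional[int]   # VSS snapshot number, None for the live volume

    @property
    def volume_relative_path(self) -> str:
        """Path with the drive letter or shadow-copy device prefix stripped, so the
        same file can be matched across the live volume and snapshots (assumes the
        snapshots are of the same volume, which the log itself does not state)."""
        m = SHADOW_RE.match(self.path)
        if m:
            return m.group(2)
        m = DRIVE_RE.match(self.path)
        return m.group(1) if m else self.path


def parse_mplog(text: str) -> List[Detection]:
    """Walk the log in order, remembering the latest Version line so that each
    detection is tagged with the engine/signature set that produced it."""
    engine: Optional[str] = None
    av: Optional[str] = None
    found: List[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a record without the expected timestamp
        ts, rest = m.group("ts"), m.group("rest")
        v = VERSION_RE.match(rest)
        if v:
            engine, av = v.group("engine"), v.group("av")
            continue
        d = DETECTION_RE.match(rest)
        if not d:
            continue  # e.g. "Service started" records
        path, arrow, member = d.group("path").partition("->")
        s = SHADOW_RE.match(path)
        found.append(Detection(ts, d.group("threat"), path, member if arrow else None,
                               engine, av, int(s.group(1)) if s else None))
    return found


def repeated_paths(dets: List[Detection]) -> Dict[str, List[str]]:
    """Files flagged more than once (same volume-relative path), with timestamps.
    A file flagged again after it was supposedly removed, or seen both live and
    inside snapshots, is the first thing to look at."""
    seen: Dict[str, List[str]] = {}
    for d in dets:
        seen.setdefault(d.volume_relative_path, []).append(d.timestamp)
    return {p: ts for p, ts in seen.items() if len(ts) > 1}


def detections_by_signature(dets: List[Detection]) -> Dict[Optional[str], int]:
    """How many detections each AV signature set produced."""
    counts: Dict[Optional[str], int] = {}
    for d in dets:
        counts[d.av_signature] = counts.get(d.av_signature, 0) + 1
    return counts


if __name__ == "__main__":
    dets = parse_mplog(SAMPLE_LOG)
    for d in dets:
        where = "live volume" if d.shadow_copy is None else f"VSS snapshot {d.shadow_copy}"
        print(f"{d.timestamp}  sig {d.av_signature}  {d.threat}  {d.path}  [{where}]")
    for p, ts in repeated_paths(dets).items():
        print(f"flagged {len(ts)}x: {p}  at {', '.join(ts)}")
```

Point it at a real MPLog-*.log from the Support folder named in the previous post and it will skip every record type it does not recognise; the signature-set tagging is what tells you whether a "new" detection is a new file or merely a newer signature recognising an old one.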

04.06.2013, 14:09   #6
aharonov
/// TB-Ausbilder

Hello Michael,

yes, that's all I wanted to see, thanks.
What's the status with Gmer?

04.06.2013, 14:17   #7
barista

Hello Leo,

Still scanning. Unfortunately I don't see any information about the progress. Based on the number of files to be scanned and the scan time per file, I estimate it will take quite a while longer.
I chose the scan settings as recommended (it is only scanning C:\, but that is about 215 GB with 365,000 files).

Regards,
Michael

04.06.2013, 14:30   #8
aharonov
/// TB-Ausbilder

But can you tell that it is still scanning (by a changing display), or has it frozen?
cheers,
Leo

04.06.2013, 14:46   #9
barista

It's busily scanning (visible in the "status line" at the bottom left of the program window).
The machine has an Intel dual-core at 2x2.5 GHz and 4 GB RAM, so it's not the very fastest.
Am I actually allowed to do anything on the machine during the scan? I'd need to look something up in my Outlook calendar, for example (I don't want to "work" with it). Unfortunately the machine has now been "blocked" by the scan for quite a long time.

Regards,
Michael

04.06.2013, 20:26   #10
aharonov
/// TB-Ausbilder

Hello Michael,

is it really still scanning?
Looking something up briefly or the like is fine; actually working on the machine, though, won't do the scan any good.
cheers,
Leo

04.06.2013, 21:37   #11
barista

Hello Leo,

the scan is indeed still running. I already tried to speed up the process by giving it a higher priority: without success. CPU utilization stays at around 50%.
Apparently only patience helps ...

Regards,
Michael

04.06.2013, 21:41   #12
aharonov
/// TB-Ausbilder

Hello Michael,

well, if it's still running and hasn't frozen, then patience really is all that helps..
cheers,
Leo

05.06.2013, 05:14   #13
barista

So, the scan is now finished. Here is the log file:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-05 06:08:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwliapow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         83044A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           8307E1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cf093d                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cf093d@78a3e49dd6a7         0x4C 0x11 0x17 0x91 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cf093d (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cf093d@78a3e49dd6a7             0x4C 0x11 0x17 0x91 ...

---- EOF - GMER 2.1 ----

05.06.2013, 11:02   #14
aharonov
/// TB-Ausbilder

Hello Michael,

it scans for that long and then the log file is so short..
Well then, onward:


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has completed.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please tell me about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.




Step 3

Please start OTL.exe.
  • Check the box Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
cheers,
Leo

05.06.2013, 19:51   #15
barista

Hello Leo,

this time the scans went faster :-)

Here are the log files:
Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 18:56:11 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Admin - MICHAEL-NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michael\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\Admin\AppData\Local\Temp\Zynga
Ordner Gelöscht : C:\Users\Admin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Michael\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5m0jx3me.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e0uuplke.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1345 octets] - [05/06/2013 18:56:11]

########## EOF - \AdwCleaner[S1].txt - [1405 octets] ##########
Code:
ComboFix 13-06-05.01 - Admin 05.06.2013  19:09:02.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.3536.2414 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Local\assembly\tmp
c:\users\Michael\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-05 bis 2013-06-05  ))))))))))))))))))))))))))))))
.
.
2013-06-05 17:16 . 2013-06-05 17:17	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-06-05 17:16 . 2013-06-05 17:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-05 16:56 . 2013-06-05 16:56	105	----a-w-	c:\windows\DeleteOnReboot.bat
2013-06-05 16:51 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D63CF24-D403-4745-AE51-FE62A4588E32}\mpengine.dll
2013-06-05 04:04 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-26 15:39 . 2013-05-11 22:27	262552	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-26 15:39 . 2013-05-11 22:26	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-05-26 12:33 . 2013-05-26 16:44	--------	d-----w-	c:\users\Michael\AppData\Roaming\FreeFileSync
2013-05-26 11:55 . 2013-05-26 11:55	--------	d-----w-	c:\program files\FreeFileSync
2013-05-22 06:01 . 2013-05-22 06:00	724464	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96D3337F-FDD5-44D0-AFD8-504DC5A5AEA5}\gapaengine.dll
2013-05-15 07:38 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 07:38 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 07:38 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 07:38 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:38 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 07:37 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 07:37 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 07:37 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-12 06:45 . 2013-05-12 06:45	--------	d-----w-	c:\users\Michael\AppData\Roaming\Media Player Classic
2013-05-11 13:34 . 2007-04-27 07:42	65536	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-11 13:34 . 2007-04-27 07:42	49152	----a-w-	c:\windows\system32\QuickTime.qts
2013-05-11 13:33 . 2007-05-02 12:28	131072	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-11 13:33 . 2007-05-02 12:28	131072	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-11 13:33 . 2007-05-02 12:28	131072	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-11 13:33 . 2007-05-02 12:28	131072	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-11 13:33 . 2007-05-02 12:28	131072	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-11 13:33 . 2013-05-11 13:33	--------	d-----w-	c:\program files\Media Player Classic
2013-05-11 13:33 . 2004-01-11 22:00	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-05-11 13:33 . 2003-03-19 03:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-05-11 13:33 . 2013-05-11 13:34	--------	d-----w-	c:\program files\QuickTime Alternative
2013-05-11 13:23 . 2013-05-11 13:23	--------	d-----w-	c:\users\Michael\AppData\Roaming\MPEG Streamclip
2013-05-11 12:55 . 2013-05-11 12:55	--------	d-----w-	c:\users\Michael\AppData\Roaming\4Free
2013-05-11 12:14 . 2013-05-11 12:14	--------	d-----w-	c:\users\Admin\AppData\Roaming\4Free
2013-05-11 10:37 . 2013-05-11 10:37	209472	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37	209472	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 07:40 . 2012-09-15 12:18	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 07:40 . 2012-09-15 12:18	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-06 07:25 . 2013-05-06 07:26	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-05-06 07:25 . 2012-09-15 04:33	866720	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-05-06 07:25 . 2012-09-15 04:33	788896	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-02 15:28 . 2012-09-12 15:38	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 08:04 . 2012-09-27 13:31	706640	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 04:45 . 2013-05-15 07:38	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:38	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-25 06:14	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-19 05:04 . 2013-04-14 06:06	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-14 06:06	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-14 06:06	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-14 06:06	69632	----a-w-	c:\windows\system32\smss.exe
2013-03-13 22:20 . 2013-03-13 22:20	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 22:20 . 2013-03-13 22:20	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-03-13 22:20 . 2013-03-13 22:20	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-03-13 22:20 . 2013-03-13 22:20	158720	----a-w-	c:\windows\system32\msls31.dll
2013-03-13 22:20 . 2013-03-13 22:20	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-03-13 22:20 . 2013-03-13 22:20	138752	----a-w-	c:\windows\system32\wextract.exe
2013-03-13 22:20 . 2013-03-13 22:20	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-13 22:20 . 2013-03-13 22:20	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 22:20 . 2013-03-13 22:20	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-13 22:20 . 2013-03-13 22:20	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-03-13 22:20 . 2013-03-13 22:20	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-13 22:20 . 2013-03-13 22:20	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-03-13 22:20 . 2013-03-13 22:20	361984	----a-w-	c:\windows\system32\html.iec
2013-03-13 22:20 . 2013-03-13 22:20	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-13 22:20 . 2013-03-13 22:20	12800	----a-w-	c:\windows\system32\mshta.exe
2013-03-13 22:20 . 2013-03-13 22:20	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-13 22:20 . 2013-03-13 22:20	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-13 22:18 . 2013-03-13 22:18	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-03-13 22:18 . 2013-03-13 22:18	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-13 22:18 . 2013-03-13 22:18	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-13 22:18 . 2013-03-13 22:18	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-13 22:18 . 2013-03-13 22:18	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-13 22:18 . 2013-03-13 22:18	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 22:18 . 2013-03-13 22:18	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-03-13 22:18 . 2013-03-13 22:18	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-13 22:18 . 2013-03-13 22:18	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-03-13 22:18 . 2013-03-13 22:18	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-03-13 22:18 . 2013-03-13 22:18	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-13 22:18 . 2013-03-13 22:18	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-03-13 22:18 . 2013-03-13 22:18	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-03-13 22:18 . 2013-03-13 22:18	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-13 22:18 . 2013-03-13 22:18	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-13 22:18 . 2013-03-13 22:18	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-03-13 22:18 . 2013-03-13 22:18	1504768	----a-w-	c:\windows\system32\d3d11.dll
2013-03-13 22:18 . 2013-03-13 22:18	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-03-13 22:18 . 2013-03-13 22:18	1080832	----a-w-	c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"acSecurityLayer"="c:\program files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2012-08-20 3609800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-14 209216]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2009-06-09 319488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files\A-Trust GmbH\a.sign Client\ASignLauncher.exe [2012-9-17 1910984]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-9-12 50688]
MindManager PDF Writer.lnk - c:\program files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe [2003-2-21 61440]
SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-10-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-10-28 544000]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 9216]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-11-16 47176]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-11-16 59136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1343400]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\aestsrv.exe [2009-03-02 81920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-12 221912]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-18 277440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 07:40]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 16:18]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-13 16:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.33.99.70 80.120.17.70
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e0uuplke.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Michael/Documents/_MPO/Computer/Internet/Startseite/Startseite.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ACSW14DE - c:\program files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
HKLM_ActiveSetup-Nitro PDF Professional - //B
AddRemove-EcoScan 3.0 - c:\windows\unin0407.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{3C044C85-71B7-4C4D-B131-4C31C2D0A7C8} - c:\programdata\{7C332E1C-B96C-4192-8CE6-B4AD1645AA40}\GaBi5_DemoSetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-05  19:18:39
ComboFix-quarantined-files.txt  2013-06-05 17:18
.
Vor Suchlauf: 19 Verzeichnis(se), 20.445.036.544 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 23.262.879.744 Bytes frei
.
- - End Of File - - 3E5AA355F045C11BE2DDC020A511C2C4
         
Code:
OTL logfile created on: 05.06.2013 20:38:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 64,49% Memory free
6,90 Gb Paging File | 5,68 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,86 Gb Total Space | 22,19 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
Drive F: | 750,00 Mb Total Space | 541,25 Mb Free Space | 72,17% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-NB | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 08:05:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013.05.23 20:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.19 13:48:10 | 001,404,768 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMAgent.exe
PRC - [2012.11.19 13:48:04 | 000,921,440 | ---- | M] (Jumping Bytes) -- C:\Programme\Mobile Master\MMScan.exe
PRC - [2012.09.17 17:40:04 | 001,910,984 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\a.sign Client\ASignLauncher.exe
PRC - [2012.08.20 12:51:56 | 003,609,800 | ---- | M] (A-Trust GmbH) -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe
PRC - [2011.08.04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.07.25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011.07.19 05:53:07 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.29 12:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe
PRC - [2009.06.19 14:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.06.09 10:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
PRC - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe
PRC - [2009.02.01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.01.31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.11.24 13:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003.02.21 14:16:16 | 000,061,440 | R--- | M] (Tracker Software Products) -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.20 12:52:20 | 000,007,368 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll
MOD - [2012.08.20 12:52:18 | 002,393,288 | ---- | M] () -- C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll
MOD - [2012.08.20 12:52:16 | 000,406,728 | ---- | M] () -- C:\Programme\A-Trust GmbH\a.sign Client\plug_acSecurityLayer.dll
MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.05.14 12:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 16:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
MOD - [2003.04.27 16:02:28 | 000,011,264 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xmf.dll
MOD - [2003.02.05 16:22:04 | 000,017,920 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\xc_local.dll
MOD - [2003.01.23 14:55:00 | 000,018,944 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xcx.dll
MOD - [2003.01.22 18:29:32 | 000,024,576 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_jb2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 09:40:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.13 18:39:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\stacsv.exe -- (STacSV)
SRV - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.03.26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012.01.31 16:37:42 | 000,587,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2012.01.31 16:37:42 | 000,551,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2012.01.31 16:37:42 | 000,032,512 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.16 09:56:26 | 000,059,136 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.11.16 09:56:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.28 09:57:32 | 000,544,000 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2009.07.29 13:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.06.15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.06.13 01:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2009.05.28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008.09.18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.06.03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/Michael/Documents/_MPO/Computer/Internet/Startseite/Startseite.html
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F3 C6 DD 19 15 CE 01  [binary data]
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 12 C8 E2 98 CD 01  [binary data]
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Michael/Documents/_MPO/Computer/Internet/Startseite/Startseite.html"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 17:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.26 17:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.26 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.08 14:34:41 | 000,000,000 | ---D | M]
 
[2012.10.20 12:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.10.26 08:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e0uuplke.default\extensions
[2013.05.26 17:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:39:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.05 19:16:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1999683869-3991724058-883945574-1000..\Run: [Akamai NetSession Interface] C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1999683869-3991724058-883945574-1000..\Run: [MMAgent] C:\Programme\Mobile Master\MMAgent.exe (Jumping Bytes)
O4 - HKU\S-1-5-21-1999683869-3991724058-883945574-1004..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1999683869-3991724058-883945574-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1999683869-3991724058-883945574-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.33.99.70 80.120.17.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A0E855-CD77-4DE4-9F63-EB21BBBA998B}: DhcpNameServer = 213.33.99.70 80.120.17.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EEF76ED-55AE-4BB2-896C-D02FF104533E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 19:18:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.05 19:18:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.05 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2013.06.05 19:05:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.05 19:05:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.05 19:05:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.05 19:04:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.05 19:04:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.05 19:04:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.26 13:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync
[2013.05.26 13:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[2013.05.11 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
[2013.05.11 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2013.05.11 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013.05.11 14:14:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\4Free
[2013.05.11 14:08:20 | 034,173,045 | ---- | C] (4Free Studio                                                ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 20:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 20:36:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 20:34:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.05 19:16:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.05 19:05:30 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 19:05:30 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 18:58:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 18:58:07 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 18:56:35 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 21:26:09 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 21:26:09 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 21:26:09 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 21:26:09 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 07:59:01 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.05.15 11:10:57 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.13 08:51:06 | 000,007,626 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2013.05.11 14:10:02 | 034,173,045 | ---- | M] (4Free Studio                                                ) -- C:\Users\Admin\Desktop\4free_video_converter_3-3.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.05 19:05:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.05 19:05:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.05 19:05:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.05 19:05:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.05 19:05:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.05 18:56:25 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 07:58:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.05.26 17:39:32 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.16 17:31:22 | 000,007,626 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012.09.21 13:49:02 | 000,002,157 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2012.09.18 11:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2012.09.18 11:10:17 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012.09.18 11:06:58 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012.09.18 11:02:03 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL
[2012.09.14 15:46:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.13 03:16:08 | 000,696,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.09.13 03:16:08 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.09.13 03:16:08 | 000,148,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.09.13 03:16:08 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 15:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.11 14:14:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\4Free
[2013.04.19 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\A-Trust GmbH
[2012.10.08 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2012.12.20 20:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2012.10.26 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GoPal Assistant
[2012.10.14 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iSpy
[2012.10.17 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.03.01 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mindjet
[2012.12.20 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NewSoft
[2012.12.12 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PE International
[2012.09.18 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2013.05.11 14:55:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\4Free
[2013.04.03 07:51:22 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\A-Trust GmbH
[2012.10.08 09:24:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ACD Systems
[2012.10.20 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AquaSoft
[2013.03.21 10:56:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2013.06.05 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2013.05.26 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeFileSync
[2012.10.13 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GARMIN
[2012.10.26 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GoPal Assistant
[2013.05.06 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iSpy
[2012.12.25 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Jumping Bytes
[2012.12.25 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mobile Master
[2013.05.11 15:23:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MPEG Streamclip
[2012.10.26 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NewSoft
[2012.09.14 16:49:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nitro PDF
[2012.12.12 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PE International
[2013.03.22 20:01:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TechSmith
[2013.05.27 09:07:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2013.03.22 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XnConvert
[2013.05.11 13:48:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
Regards,
Michael
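Since the thread is about reading an OTL log, here is a small triage script, added as an example; it is not part of Michael's post and not OTL's own code. It parses the O4 autostart lines and the Java plugin lines copied from the log above and flags what a helper would look at first: autostarts whose target is missing ("File not found"), binaries for which OTL printed an empty company name "()", and programs launched from user-writable paths such as AppData. Those three rules are the example's own assumptions, not OTL's. It also maps the Mozilla plugin version 10.21.2 to Java 7 Update 21 (plugin 10.U.x is JRE 7uU), the release in which Oracle fixed CVE-2013-2423, and compares it with the update level encoded in the O16 jinstall codebase references (7u7), which record an earlier installer rather than the plugin that is actually loaded. The `hxxp` de-fanging in the sample is OTL's.

```python
"""Triage of OTL O4 autostart lines and Java plugin versions (added example,
not code from the original post or from OTL; the rules below are assumptions)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied verbatim from the OTL log in this thread.
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-1999683869-3991724058-883945574-1000..\Run: [Akamai NetSession Interface] C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
""".strip().splitlines()

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*?) \((?P<company>[^)]*)\)\s*$')
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<lnk>.+?) =\s*(?P<target>.*?)\s*$')
TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^)]*)\)$')
# Assumed rule: autostarts running from user-writable paths deserve a closer look.
USER_WRITABLE_RE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public)\\', re.I)
JAVA_PLUGIN_RE = re.compile(r'@java\.com/JavaPlugin,version=(?P<major>\d+)\.(?P<update>\d+)\.')
JINSTALL_RE = re.compile(r'jinstall-1_7_0_(?P<update>\d+)')
CVE_2013_2423_FIXED_IN_7U = 21  # Oracle shipped the fix in Java SE 7 Update 21


@dataclass
class Autostart:
    kind: str      # "run" (registry Run value) or "startup" (Startup-folder .lnk)
    hive: str
    name: str
    path: str
    company: str   # company string OTL read from the file's version info, "" if none
    missing: bool = False


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line; returns None for lines that are not O4 autostarts."""
    m = RUN_RE.match(line)
    if m:
        return Autostart("run", m["hive"], m["name"], m["path"], m["company"])
    m = STARTUP_RE.match(line)
    if not m:
        return None
    name = m["lnk"].rsplit("\\", 1)[-1]
    if m["target"] == "File not found":
        return Autostart("startup", "Startup", name, "", "", missing=True)
    t = TARGET_RE.match(m["target"])
    if t:
        return Autostart("startup", "Startup", name, t["path"], t["company"])
    return Autostart("startup", "Startup", name, m["target"], "")


def triage_autostart(entry: Autostart) -> List[str]:
    """Reasons (assumed heuristics, not OTL's) to look at an entry more closely."""
    reasons: List[str] = []
    if entry.missing:
        reasons.append("orphaned autostart: target file not found")
        return reasons
    if entry.company == "":
        reasons.append("binary carries no company name in its version info")
    if USER_WRITABLE_RE.search(entry.path):
        reasons.append("runs from a user-writable location")
    return reasons


def java7_update_from_line(line: str) -> Optional[int]:
    """Java 7 update level from a plugin line (plugin 10.U.x is JRE 7uU) or from a
    jinstall-1_7_0_UU codebase reference in an O16 line; None for other lines."""
    m = JAVA_PLUGIN_RE.search(line)
    if m and m["major"] == "10":
        return int(m["update"])
    m = JINSTALL_RE.search(line)
    return int(m["update"]) if m else None


def patched_for_cve_2013_2423(update: int) -> bool:
    return update >= CVE_2013_2423_FIXED_IN_7U


def triage(lines: List[str]) -> Dict[str, object]:
    """Run both checks over OTL lines and collect what needs a second look."""
    findings: List[Tuple[str, List[str]]] = []
    java: Dict[str, int] = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            reasons = triage_autostart(entry)
            if reasons:
                findings.append((entry.name, reasons))
            continue
        upd = java7_update_from_line(line)
        if upd is not None:
            java["installed plugin" if "JavaPlugin" in line else "O16 codebase reference"] = upd
    return {"findings": findings, "java": java}


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    for name, reasons in report["findings"]:
        print(f"{name}: {'; '.join(reasons)}")
    for kind, upd in report["java"].items():
        state = "patched" if patched_for_cve_2013_2423(upd) else "vulnerable"
        print(f"Java 7u{upd} ({kind}): {state} against CVE-2013-2423")
```

Run as-is it reports on the embedded sample; pass the full log as `triage(open("OTL.Txt", encoding="utf-8-sig").read().splitlines())` to cover every O4, FF and O16 line. On this log the three flagged autostarts (the DivX updater with no company string, Akamai NetSession under AppData, a stale Dropbox shortcut) are all explained by what the log itself shows, which is the manual confirmation a heuristic like this still needs, and the installed Java is already at the fix level for the exploit MSE named, so the 7u7 leftovers in the O16 lines are a cleanup item rather than a live exposure.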





