
Log analysis and evaluation: ZeuS/ZBot trojan according to Telekom

23.08.2013, 23:42   #1
5idestep
 

Hi there,

I'm new here and came across this site after googling whether the letter from Telekom is legitimate. In doing so I found that several people here have received such a letter.
As I've noticed, I can only be helped if I post the log file from OTL by Old Timer. :P So I'm attaching that step right away!

My system is Windows 7 Professional. If more information is needed, please let me know.
THANK YOU VERY MUCH FOR YOUR HELP =)

PS: Avira finds no "threats"
Attached files
File type: txt OTL.Txt (67,2 KB, viewed 209 times)
File type: txt Extras.Txt (80,2 KB, viewed 236 times)

24.08.2013, 00:35   #2
Aneri
/// Malwareteam
 





My name is Heiko, and I will help you with your problem.
Cleaning your system is tailored individually to you and sometimes involves a lot of work for both of us.

Please read:
Rules for the cleanup

Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly.
It is therefore done in several steps and means some effort for you. Note: the disappearance of the obvious symptoms does not mean that the system is already clean.

First read the instructions through completely. If anything is unclear, ask before you start working through the steps.
  • At the first sign of illegally used software (cracks, patches and the like), support will be interrupted and only continued after the illegal software has been deleted.
  • If the machine is a company computer, please let me know.

  • Please work through all steps in order. Please give me the requested feedback (log file or answer) for every step,
    collected in a single reply once you have finished everything.
  • Please only run scans that you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless I or another team member asked you to.
  • Post the log files directly in your thread (preferably in code tags: click the # symbol in the editor). Do not attach or zip them unless I ask you to or the log file would be too large. It makes the evaluation harder for me.
  • Only obscure your name if it is absolutely necessary (this makes our work easier).
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly when you are "clean". Until then, please cooperate well.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.


Then let's start with step 1:

Telekom is right, you really do have a zbot, and that is a nasty infection, just to say that up front...

Warning: infostealer

Your logs show that you have caught malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.).
It is impossible to know exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this computer are known.

I would therefore advise you to change all credentials that were used on this computer, either at the end or from a clean computer.


But if you want help here, the crack rubbish has to go first:

Quote:
activate.adobe.com
practivate.adobe.com
The entries I have listed strongly suggest that software is being used on this computer that was not legally acquired.

Support stop
Reading material:
Cracks and keygens
Circumventing software copy protection is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources are very often laced with malware, so you are infecting yourself almost deliberately.

Uninstall the illegal software and we can continue

Edited by Aneri (24.08.2013 at 00:47)
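
The hosts-file reading behind the post above, as an added example that is not part of the thread and not OTL's own code: it parses the `O1 - Hosts:` lines that an OTL log prints for each hosts-file entry and groups the names pointed at a loopback or unspecified address by parent domain. The sample log is constructed (the two adobe.com names are the ones quoted above); the function names and the watch list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "O1 - Hosts:" format of an OTL log.
# Only the two adobe.com names come from the thread; the rest is made up.
SAMPLE_OTL = r"""
O1 HOSTS File: ([2012.02.07 18:21:28 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 intranet.example.test
O1 - Hosts: 0.0.0.0 ads.example.test
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - C:\example.dll ()
"""

# One hosts entry per line: "O1 - Hosts: <address> <name>"
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Names that normally map to loopback and are not worth reporting.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts_entries(log_text):
    """Return (ip_address, hostname) tuples for every O1 hosts line."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_LINE.match(line.strip())
        if not match:
            continue
        addr_text, name = match.groups()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            continue  # malformed address column, skip the line
        entries.append((addr, name.lower().rstrip(".")))
    return entries


def is_sinkhole(addr):
    """True for 127.0.0.0/8, ::1, 0.0.0.0 and ::, the usual 'block' targets."""
    return addr.is_loopback or addr.is_unspecified


def sinkholed_by_parent(entries):
    """Group sinkholed names by their last two labels.

    The two-label split is a simplification and is not public-suffix aware.
    """
    grouped = defaultdict(set)
    for addr, name in entries:
        if name in BENIGN_NAMES or not is_sinkhole(addr):
            continue
        parent = ".".join(name.split(".")[-2:])
        grouped[parent].add(name)
    return {parent: sorted(names) for parent, names in grouped.items()}


def flag_watched(entries, watched_parents):
    """Keep only the sinkholed groups whose parent domain is on the watch list."""
    found = sinkholed_by_parent(entries)
    return {p: names for p, names in found.items() if p in watched_parents}


if __name__ == "__main__":
    parsed = parse_hosts_entries(SAMPLE_OTL)
    # The watch list is an assumption: vendor domains whose licensing
    # hosts should never resolve to the local machine.
    for parent, names in flag_watched(parsed, {"adobe.com"}).items():
        print(f"{parent}: {len(names)} name(s) redirected locally")
        for name in names:
            print(f"  {name}")
```

These entries are read from the hosts file itself, so they stay in the log until that file is edited, whatever software is uninstalled.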

24.08.2013, 12:56   #3
5idestep
 

Done



Hello Aneri,
thanks for the quick reply. I have uninstalled Adobe CS. I have also uninstalled all other Adobe products, and yet the log file still shows
Quote:
activate.adobe.com
practivate.adobe.com
I don't know what else I should uninstall to get rid of this entry.

I have also thoroughly cleared out programs from my PC that I no longer use anyway. Maybe that makes the work easier.
I also ran the program "Hitman Pro". It was recommended to me in the letter from Telekom. It identified countless "*.exe files" as trojans (Avira had found nothing at all!) and, according to the report, deleted them. I ran it again and it found no more risks.
Nevertheless, I would like to protect myself further. So here is the new log! THX!

Code:
OTL logfile created on: 24.08.2013 13:39:53 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\5idestep\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,66% Memory free
4,00 Gb Paging File | 2,53 Gb Available in Paging File | 63,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,26 Gb Total Space | 10,82 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive D: | 545,91 Gb Total Space | 298,52 Gb Free Space | 54,68% Space Free | Partition Type: NTFS
Drive E: | 129,51 Gb Total Space | 27,54 Gb Free Space | 21,26% Space Free | Partition Type: NTFS
Drive F: | 19,43 Gb Total Space | 1,75 Gb Free Space | 9,01% Space Free | Partition Type: NTFS
 
Computer Name: 5IDESTEP-PC | User Name: 5idestep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\5idestep\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\deCleaner.exe (Avira GmbH)
PRC - C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe (Avira GmbH)
PRC - C:\Programme\Opera\15.0.1147.153\opera_crashreporter.exe ()
PRC - C:\Programme\Opera\15.0.1147.153\opera.exe (Opera Software)
PRC - C:\Programme\Heimdal\HeimdalSecureDNS\DNSService.exe (Microsoft)
PRC - C:\Programme\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
PRC - C:\Programme\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
PRC - C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
PRC - C:\Programme\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\5idestep\AppData\Local\Temp\decleaner\avwebloader.exe (Avira GmbH)
PRC - C:\Programme\CHERRY Mouse Driver\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Programme\CHERRY Mouse Driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Programme\CHERRY Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\CHERRY Mouse Driver\StartAutorun.exe (UASSOFT.COM)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Opera\15.0.1147.153\ffmpegsumo.dll ()
MOD - C:\Programme\Opera\15.0.1147.153\opera_crashreporter.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\f7737cce1de95bc3fdf2b3de8dcc9712\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\8bd6ca89219c44bf986be31fef05dbcf\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\3cb1983c1548b73c1fd7822f6a7a3edf\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\fe3e0f283a7445ec9a84068f424521eb\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\fc306f0ba879221da3b71714737497b4\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e0fa604d4aef9d2ff468afca3c7ccdd0\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\b6a7e28cce059bace851689e7a069281\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\e12846065ed6399ab30457e0cfa92e46\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\f5ecfc22c14690fc0fceebcb97cd96c8\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\d3900e8082186592ad4795983bd89a79\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\e47cb115ee5c9ab8fa1955db87f87674\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\32b7f0430ae844b0c88da44c69445b13\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\04dcb396677acf05d2ee8bf56bdb098a\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\40a5bae65f1d322a9695313889c64918\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\4c60f752ae448f481ca5e10900220c30\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\eb34712b511270f363e1fa8fe432bb02\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\169d9398b8fedc52c9caf3abf9a95e6c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\de4d9951079783994e4c2ff6661eb343\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98afc9f55b779475918d9bf3f5dffdd1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\509e20d4dfced30dd765fcc43ec3e985\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\2044d526f28b86f19b3a5ab4457565ae\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4077c9bd5ce80c3efcc5a8e1b2fb6916\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\dfd678fd027105ff967233cb1e7b3956\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\bdfa1708c9a528569d5eba80158dcdc9\DeviceCommonLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d92c612287eb7f54d636ce76ea005def\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\304e192d0d141996200af7c13907c863\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c9ec20ac9d7aacf399e12929598dbe88\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\2346a1551589b170ab0dbda3d6a9bfd6\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\a872e01c403ea61efb1abb335cff2487\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6b38cc3e15bb325304623becb93b080e\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4a51b22c2085ffa743b5add4c5f8bd14\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\b98d0680f5720b3bd22d55e649739bd8\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7458d922b48a5f210eba6efb2c7f17b6\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e63e006e8c0bd72b398c34237b4cb2d8\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ace094fd4f13cf857b510fd654ec9adc\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\77b93e26fa90be173b1408f75c21227a\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\cdf4c23633be7bff849e56858bd92e33\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f69842a59a80267c673735eab7b0bcd3\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\3e0a1c2ac1939cfae133e52807d9ee58\Kies.ni.exe ()
MOD - C:\Users\5idestep\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c91632cef78dc1e1ab7dce314c64f7a0\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3485907c71cb4575a8ae6a9609bfe16c\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cc59aeec8ea9faa8311426a9fba944a6\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7a33af3fa6a140afb8ab0d9190ab2c9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\4373d5deea0fd001dfac01a83f6f2bca\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\83bbc0d5a9689f5de5090dcf3e3958f8\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8834e734c13d53e65982db2a00563ce7\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\564f737274f47efdfa212f8da43286e7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\221d903193177a76f68965e8ffb8cbb4\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Users\5idestep\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Users\5idestep\AppData\Local\Temp\decleaner\scewxmlw.dll ()
MOD - C:\Programme\CHERRY Mouse Driver\keydll.dll ()
MOD - C:\Programme\CHERRY Mouse Driver\MouseHook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HeimdalSecureDNS) -- C:\Programme\Heimdal\HeimdalSecureDNS\DNSService.exe (Microsoft)
SRV - (HeimdalService) -- C:\Programme\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Programme\CHERRY Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ASPI32) --  File not found
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (a8djavs) -- C:\Windows\System32\drivers\a8djavs.sys (Native Instruments GmbH)
DRV - (a8djusb_svc) -- C:\Windows\System32\drivers\a8djusb.sys (Native Instruments GmbH)
DRV - (KORGUMDS) -- C:\Windows\System32\drivers\KORGUMDS.SYS (KORG INC.)
DRV - (mlkumidi) -- C:\Windows\System32\drivers\mlkumidi.sys (MusicLab, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (synasusb) -- C:\Windows\System32\drivers\synasusb.sys (Steinberg Media Technologies GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 A5 DD A1 D9 C1 CD 01  [binary data]
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
 
 
O1 HOSTS File: ([2012.02.07 18:21:28 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files\CHERRY Mouse Driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58CCCE75-D102-4416-A858-CFE68538DBEA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58CCCE75-D102-4416-A858-CFE68538DBEA}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5C4672E-84B7-4D08-AC52-64E1F3A9472D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9035FA1-715D-4CE5-A5B7-D63F48D5D004}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.08.24 13:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
[2013.08.24 13:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CSIS
[2013.08.24 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Heimdal
[2013.08.24 13:14:33 | 000,000,000 | ---D | C] -- C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.08.24 12:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.08.24 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2013.08.24 12:25:02 | 000,000,000 | ---D | C] -- C:\Users\5idestep\AppData\Local\Opera Software
[2013.08.24 12:25:01 | 000,000,000 | ---D | C] -- C:\Users\5idestep\AppData\Roaming\Opera Software
[2013.08.24 00:26:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\5idestep\Desktop\OTL.exe
[2013.08.10 15:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.08.10 12:35:20 | 000,000,000 | ---D | C] -- C:\Users\5idestep\Desktop\Doreen
 
========== Files - Modified Within 30 Days ==========
 
[2013.08.24 13:22:49 | 000,001,105 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
[2013.08.24 13:15:34 | 000,014,752 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.24 13:15:34 | 000,014,752 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.24 13:08:37 | 003,805,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.08.24 13:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.24 13:07:51 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.24 13:06:01 | 000,009,068 | ---- | M] () -- C:\Windows\System32\.crusader
[2013.08.24 00:26:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\5idestep\Desktop\OTL.exe
[2013.08.21 21:50:17 | 000,697,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.08.21 21:50:17 | 000,652,426 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.08.21 21:50:17 | 000,148,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.08.21 21:50:17 | 000,014,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.08.24 13:22:49 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
[2013.08.24 13:06:01 | 000,009,068 | ---- | C] () -- C:\Windows\System32\.crusader
[2013.08.24 12:24:51 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 15.lnk
[2013.08.24 12:23:07 | 000,001,797 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.04.07 17:29:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.04.07 17:29:37 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.03.14 18:25:33 | 000,007,602 | ---- | C] () -- C:\Users\5idestep\AppData\Local\Resmon.ResmonCfg
[2013.03.13 17:45:12 | 000,324,608 | ---- | C] () -- C:\Windows\System32\libsndfile.dll
[2013.03.12 01:45:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2013.02.14 16:21:22 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2013.02.14 16:16:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2013.02.14 16:16:27 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2013.01.06 16:02:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.01.06 16:02:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.01.06 16:02:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.01.06 16:02:25 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2013.01.06 16:02:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.11.05 19:32:13 | 000,000,089 | ---- | C] () -- C:\Windows\SPL7019.DAT
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.06.14 19:45:09 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.14 19:45:08 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.11 16:21:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.03.21 13:57:19 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.29 18:45:21 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw8b.bin
[2012.02.28 18:47:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.17 08:32:59 | 000,005,632 | ---- | C] () -- C:\Users\5idestep\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.02 18:23:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.01 11:53:56 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\4Free
[2013.03.24 16:17:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Acod
[2013.03.10 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Acxehu
[2013.03.11 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Acxoy
[2013.03.16 10:52:18 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Adqog
[2013.04.13 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Alwaz
[2012.07.08 17:32:28 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\AnvSoft
[2013.04.02 09:26:55 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Aqva
[2013.03.09 15:57:05 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Awca
[2013.03.23 17:15:54 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Axdy
[2013.02.19 11:36:53 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Axlei
[2013.03.23 17:15:54 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Axug
[2013.03.09 15:57:05 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Azha
[2013.03.08 21:18:19 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Azofk
[2013.02.13 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Azwey
[2013.04.24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Beiqw
[2013.04.09 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Bias
[2012.07.08 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\CD-LabelPrint
[2013.08.24 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.02.17 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Daeg
[2012.02.07 18:15:11 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\DAEMON Tools Lite
[2013.04.03 11:52:05 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Doif
[2013.08.24 13:09:08 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Dropbox
[2013.03.12 01:52:42 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\DVDVideoSoft
[2013.08.24 12:35:43 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.07 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ebigc
[2013.02.13 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Elaci
[2013.03.14 07:33:00 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Elmo
[2013.03.26 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Enuxa
[2012.03.21 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\EPSON
[2013.02.15 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Exapam
[2012.09.18 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\FreeMoviesToDVD
[2013.03.30 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Fuqa
[2013.02.13 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Goheu
[2013.04.17 19:31:07 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Goru
[2013.03.21 20:15:35 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Haemu
[2013.03.08 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Hafen
[2013.02.19 11:36:53 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Hasyud
[2013.02.20 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Hioru
[2013.04.07 17:22:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Hoyp
[2013.02.27 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\ID3-TagIT 3
[2013.03.04 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ifmoyc
[2013.03.21 20:15:35 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ikxee
[2013.03.17 08:15:56 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ilizba
[2013.03.24 16:17:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ilob
[2013.03.17 08:15:56 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Inah
[2013.02.20 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ithu
[2013.02.18 11:07:02 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Koaq
[2013.02.18 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Korg
[2013.04.14 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Koyfbi
[2013.04.21 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Miux
[2013.02.21 16:52:17 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\MusicLab
[2013.03.10 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Muvefy
[2012.07.19 22:02:58 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\MyPhoneExplorer
[2013.03.14 07:33:00 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Nuyhu
[2013.02.14 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Obqiv
[2013.04.01 12:53:09 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ocmyz
[2013.04.21 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ofetef
[2013.04.13 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ogfoox
[2013.02.15 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Okuf
[2012.02.07 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Opera
[2013.08.24 12:25:01 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Opera Software
[2013.04.24 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ozase
[2013.06.15 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Piox
[2013.08.24 12:25:24 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\proDAD
[2013.04.01 12:53:09 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Puykco
[2013.04.17 19:31:07 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ruaq
[2013.03.04 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ryfu
[2013.05.25 15:36:43 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Samsung
[2013.04.07 17:22:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Saol
[2013.02.17 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Sauru
[2013.01.03 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.14 16:45:18 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Steinberg
[2013.04.09 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Suev
[2013.03.08 21:18:19 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Tayhze
[2013.03.07 10:51:12 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Towati
[2013.03.31 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ubbu
[2013.03.11 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Utpoi
[2013.03.30 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Vapydo
[2013.02.13 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Veyvb
[2013.02.14 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\VST3 Presets
[2013.04.02 09:26:55 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Wanin
[2013.04.03 11:52:05 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Wibe
[2013.04.06 18:09:12 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Wudik
[2013.04.22 16:30:41 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Xayg
[2013.03.07 10:51:12 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ydino
[2013.04.23 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ygula
[2013.03.26 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Yhweil
[2013.04.14 17:22:31 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Ypcuaf
[2013.03.31 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Yxam
[2013.04.22 16:30:41 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Yxdeto
[2013.03.16 10:52:18 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Yxova
[2013.03.08 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Yzanp
[2013.02.14 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Zias
[2013.04.23 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Zigee
[2013.04.06 18:09:12 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Zonuy
[2013.02.18 11:07:02 | 000,000,000 | ---D | M] -- C:\Users\5idestep\AppData\Roaming\Zucoan
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:88050731

< End of report >
         
Code:
OTL Extras logfile created on: 24.08.2013 13:39:53 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\5idestep\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,66% Memory free
4,00 Gb Paging File | 2,53 Gb Available in Paging File | 63,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,26 Gb Total Space | 10,82 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive D: | 545,91 Gb Total Space | 298,52 Gb Free Space | 54,68% Space Free | Partition Type: NTFS
Drive E: | 129,51 Gb Total Space | 27,54 Gb Free Space | 21,26% Space Free | Partition Type: NTFS
Drive F: | 19,43 Gb Total Space | 1,75 Gb Free Space | 9,01% Space Free | Partition Type: NTFS
 
Computer Name: 5IDESTEP-PC | User Name: 5idestep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07443667-1E3F-42C3-90E5-76A2CB40B4D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C124176-183A-4646-93E7-61AB32AC651F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{121BFC9B-8073-4471-8D14-5FE6B0BBE972}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{16248A17-6397-4370-8823-C9E57C4CFCB2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{22F8D2A6-989A-4529-85DD-E0E55360135B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3F7E3975-9A5C-4445-9059-B4476D580763}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4241F9F9-AEB8-4B3F-8F6D-1181BDE05344}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{444A7DCB-DB78-494E-B105-C7589C6114B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DF8F2F1-6F25-406E-9A01-ADEAF5074AE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F212168-234F-407F-AC75-FFD31A836A6F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5AAAC452-E5B1-4A37-957C-E45E4F682B13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{636FC670-AD16-4475-925E-E994599FE457}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6450C5F1-86BD-486A-990F-1600D4F7F11B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{660AD670-798A-4B65-BD1F-B3594710D216}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6FA325CE-AD58-4AB0-932D-93294A945FE1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{72B4781C-C895-4A76-ABB7-EF1BFB11D137}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7F20D9D5-B060-4BEF-AC79-429EA1A12BAD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{83ECF8CA-5547-46D8-9C1F-F71001B1E53E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8908FF09-8405-42E6-A2E9-652CF59C1949}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{899AB7C4-7F6F-4D50-9919-A3BCC9CDACAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8D7AF163-7796-4A01-8002-EBCFC1831AC2}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{9488CF64-D097-4909-B0E8-40341B9BF4B5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{97656710-2B41-44F0-9EC7-1B62B067FE46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F6FC747-86EA-4C5A-969D-8DC7B28BAF17}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A05A47F8-9986-426F-84D2-BE157A2924B5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A25F90B0-0339-4853-8148-ADC362700458}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A2B23106-8014-4FAA-8DD5-2CE5F2D4F5CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C20DC109-9550-4681-A836-812AE5715A71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA0AE1ED-2F92-4FE1-9F36-5D5597D24D50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E13D3982-530F-4D3F-9D0C-9B473B6076F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E44AE8DF-E792-4A50-A31D-6CC324AB1908}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3D2E9CD-5E8D-487D-A74C-DA5EE4BDE3AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6C4EA66-A7EA-4D73-8271-0CBB8E6BEBF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FB96C225-A398-4245-9734-59D574FD6187}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071B6FF6-A904-47A4-9299-4C0C86359B70}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{07778937-1B06-4241-BE19-4D6F1DA74D5C}" = protocol=6 | dir=in | app=f:\spiele\cossacks2\run\data\engine.exe | 
"{0E396038-93EA-424D-A9D8-83339EDDAC20}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{164EDD37-9355-4E3E-847D-29D719DD9CD5}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{1B1F0A6E-624B-47A9-82E3-2E9F4D19443C}" = protocol=17 | dir=in | app=f:\spiele\cruisaider\stronghold crusader\stronghold crusader.exe | 
"{1C785378-6321-4767-8BC8-41406F781041}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20411CE1-C70E-4F77-9C83-CC71EBB534CB}" = protocol=6 | dir=in | app=f:\spiele\cruisaider\stronghold crusader\stronghold crusader.exe | 
"{21D306A6-52ED-464B-BC44-31F2AFD7FB3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23C57F52-BDEA-46C0-847E-400AE62BBCDA}" = protocol=17 | dir=in | app=f:\spiele\stronghold2\stronghold 2\stronghold2.exe | 
"{27CAD97A-F1DD-49EB-9A08-0896DFD63CCE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{296A397D-EBDA-411E-A0B5-C13A5A63A3E7}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{2CFF7520-BF50-4C30-8897-C5DDE826A3DC}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{2F5E6C3E-6C8F-479F-8025-9A0CAF455A32}" = protocol=6 | dir=in | app=e:\programme\pinnacle\studio 16\programs\rm.exe | 
"{3146E7BF-AEBE-4070-9D9A-E8D1EC385F4F}" = protocol=6 | dir=in | app=f:\spiele\stronghold2\stronghold 2\stronghold2.exe | 
"{32AA7F8B-D0CB-4E38-B775-452E226F5014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37B3D868-D8DC-42AA-947B-DA7C20A0C76A}" = protocol=17 | dir=in | app=e:\programme\pinnacle\studio 16\programs\ngstudio.exe | 
"{3C6CF304-C2AA-4645-8921-3E52A1D78DD3}" = protocol=6 | dir=out | app=system | 
"{40C1E232-E57F-4AD7-8F3F-CFEFF3011F03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{40C33D62-FD1F-4284-943C-87054129DDB3}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{40DD1481-106A-4942-A074-ED9501A3AAD1}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{49630166-6694-4C33-9A04-19DFE84C65E5}" = protocol=6 | dir=in | app=c:\users\5idestep\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5519B113-3158-4FFD-911E-14DDA7AE63CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5BB6F71F-20C2-4563-B88F-3301410B4E16}" = protocol=17 | dir=in | app=e:\programme\pinnacle\studio 16\programs\rm.exe | 
"{64AB242D-8090-4694-BDFD-A8C1ED6C80EC}" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{7FB042FC-787D-44FF-BFE0-D602ADFBE62F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86ABE2AB-3002-4604-9708-55752DEBA08C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C1ADD26-EE2B-416C-8793-F5C4AAA9F354}" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"{95973FC0-A67E-4DC8-B34C-60CFE4E104DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9AB3BC28-C440-4BC2-BD3E-67E44770BD58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0D38FF3-DB6E-4CB7-9C5A-EACEEC4C0504}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A31FB286-8789-4039-99A1-CB3981C0DE88}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{A5F5A200-B24E-4079-BB26-F6BA938E7643}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB4F9823-27E2-49C0-B0EE-231E76C4DC2D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{AD85730F-D443-49B0-9DB6-8981835A4937}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AFC95452-4487-46A7-8555-EF86420C0DB2}" = protocol=6 | dir=in | app=e:\programme\pinnacle\studio 16\programs\umi.exe | 
"{B333499A-7D3A-471E-8389-0F4308A3560C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{B35FA5DF-ECAA-4FF3-8280-DDEEE9F09802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9FA859C-D86F-4582-8A3B-965C8D83CF20}" = protocol=6 | dir=in | app=f:\spiele\cruisaider\stronghold crusader\stronghold_crusader_extreme.exe | 
"{BC2722B9-121E-4596-ABF5-975E7B7EAC94}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{C24A80D8-6571-4D39-821B-88BF5E180E6D}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{C64E887E-0951-4B75-902A-69A4EE7373FC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{C92685CA-A3EF-4FCB-993F-337477330A68}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C9A0C618-7FB9-4991-9280-0C9D9E0BF134}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF81E8A4-4A3E-48AD-B9C1-253C0A2DADBB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D2121ECC-6AD2-4A55-A31F-5500BE73BA4E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DB0CB69D-A841-4AC3-BF59-2D37D79029E5}" = protocol=17 | dir=in | app=c:\users\5idestep\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DB9EB57D-2F28-49EA-9707-6D43D38A5B87}" = protocol=6 | dir=in | app=e:\programme\pinnacle\studio 16\programs\ngstudio.exe | 
"{DCEBB434-898D-4391-B55F-E38A0390FAEC}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{DD1E5CD7-0227-45DE-BA0A-AB6F1BE59C66}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{DD4AE4A7-49D0-47A9-B130-24B92F3E3F12}" = protocol=17 | dir=in | app=e:\programme\pinnacle\studio 16\programs\umi.exe | 
"{F10F48A8-13FB-4107-AB37-9E9FF0651462}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{F1E890B2-1343-4507-8188-1F3940DDE72C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4F97681-C9C7-4893-97AA-3AE12AA85A34}" = protocol=17 | dir=in | app=f:\spiele\cossacks2\run\data\engine.exe | 
"{FC2118C8-98B4-4BA3-9D72-CB3F242321D2}" = protocol=17 | dir=in | app=f:\spiele\cruisaider\stronghold crusader\stronghold_crusader_extreme.exe | 
"TCP Query User{213B542C-6FC2-4969-AF69-9175B1D7EB1B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{21F4F4F4-B269-48C0-ACF8-8736F3613BC7}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"TCP Query User{544951BA-5A50-4D0C-A283-40FC4B2598C5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{63D6FD25-53C8-4B15-99D2-F498B117AD41}F:\spiele\cossacks2\run\data\engine.exe" = protocol=6 | dir=in | app=f:\spiele\cossacks2\run\data\engine.exe | 
"TCP Query User{64B21EFB-8A96-4D73-8D37-73580047457E}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{77B9D06C-3245-4ACC-988C-A37C9F3DC5AF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{7B9F27E0-0418-488B-9C6A-547453CE1D08}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{B9E013FF-1F68-434E-8F5A-746B0831822B}G:\tl-wpa281\utility\powerline scan.exe" = protocol=6 | dir=in | app=g:\tl-wpa281\utility\powerline scan.exe | 
"TCP Query User{D703A3DE-FB8B-4E70-A93A-55A02A57D1D4}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{F7B3E1B2-D543-4B74-B32D-63301B0AD781}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{0FAA1DB4-355B-43F4-8E67-135159F2A9B5}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{3A166011-2E9C-48B5-80A9-DB6A9A89931A}F:\spiele\cossacks2\run\data\engine.exe" = protocol=17 | dir=in | app=f:\spiele\cossacks2\run\data\engine.exe | 
"UDP Query User{3C4F812B-6F24-49A7-BC89-7F949BFBF69B}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{46F07027-3402-4A03-9F4D-F31F7BF02C6C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{4DA72EBC-6FDD-4631-9FD4-3C39B9437BEA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{58642E88-FA47-4BA3-8174-C81C1E705827}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{697CF55D-D844-477A-AE4D-4F1913E330B2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{ADD3DAE3-63E5-48CE-8BCC-7697BF60AE5B}G:\tl-wpa281\utility\powerline scan.exe" = protocol=17 | dir=in | app=g:\tl-wpa281\utility\powerline scan.exe | 
"UDP Query User{B9198930-FBD5-4D6A-98E2-ED6140AB9CDE}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{F7AA0793-0F84-43FC-8BED-71EFB876F1A4}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0EB4D2B3-9410-4FB7-AD46-C48CE45B9498}" = Steinberg Retrologue
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{188A5482-9167-4177-8916-C13A7F379CB0}" = Native Instruments Solid EQ FX
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2DC42147-D7EB-4C30-BA4C-B4A86A4EF3B3}" = CHERRY Mouse Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A9455EB-0426-47F6-A21F-AAFB8D5F271F}" = AutoSketch Release 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7A758BA6-3B7E-4182-8319-02F64CF1EB77}" = KORG KONTROL Editor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0
"{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}" = Steinberg Upload Manager
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{488F0918-97F9-4CD0-8AD5-8986A46AC962}" = 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{924A274D-38B6-4930-8859-F3F51CFA8DDD}" = WD SES Driver Setup
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A30B7FD7-04A1-46e1-ABDF-FD592C113253}" = MusicLab Virtual MIDI Driver
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF382DDE-EBE2-4AD5-BA1E-4A69450D6C5B}" = Native Instruments Solid Dynamics FX
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B9AFA8A2-E972-48D2-A30B-B26302B3CE6A}" = KORG USB-MIDI Driver Tools for Windows
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF14C576-C523-4754-A46C-F6D16EDE8A0A}" = Native Instruments Solid Bus Comp FX
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DC0A50F1-AD2A-4B8C-BD9E-C047B3D8F9E5}" = Steinberg Padshop
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"ASIO4ALL" = ASIO4ALL
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"DAEMON Tools Lite" = DAEMON Tools Lite
"eLicenser Control" = eLicenser Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Heimdal" = Heimdal
"ID3-TagIT 3_is1" = ID3-TagIT 3
"InstallShield_{2DC42147-D7EB-4C30-BA4C-B4A86A4EF3B3}" = CHERRY Mouse Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"MPE" = MyPhoneExplorer
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Solid Bus Comp FX" = Native Instruments Solid Bus Comp FX
"Native Instruments Solid Dynamics FX" = Native Instruments Solid Dynamics FX
"Native Instruments Solid EQ FX" = Native Instruments Solid EQ FX
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Opera 11.61.1250" = Opera 11.61
"Opera 12.02.1578" = Opera 12.02
"Opera 15.0.1147.153" = Opera Stable 15.0.1147.153
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"RSO ExTreme Punch 3 VST" = RSO ExTreme Punch 3 VST
"RSO Vocal Magic Pro VST" = RSO Vocal Magic Pro VST
"sPlan_70_is1" = sPlan 7.0
"VLC media player" = VLC media player 1.1.11
"WaveLabPro" = WaveLab 6
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4086697998-2822087783-1139883366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.08.2013 06:00:37 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:40 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:43 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:47 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:50 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:53 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:00:57 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:01:12 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 24.08.2013 06:08:11 | Computer Name = 5idestep-PC | Source = VSS | ID = 8194
Description = 
 
Error - 24.08.2013 06:09:14 | Computer Name = 5idestep-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e90    Startzeit: 
01cea0b14a245650    Endzeit: 8    Anwendungspfad: C:\Users\5idestep\Desktop\OTL.exe    Berichts-ID:
 2a4f4c81-0ca5-11e3-8977-f8d111119bfe  
 
[ System Events ]
Error - 14.01.2013 10:38:07 | Computer Name = 5idestep-PC | Source = WMPNetworkSvc | ID = 866297
Description = 
 
Error - 14.01.2013 10:39:27 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 14.01.2013 11:02:16 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 14.01.2013 12:03:45 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 15.01.2013 07:37:40 | Computer Name = 5idestep-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 15.01.2013 07:37:40 | Computer Name = 5idestep-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2013 07:37:49 | Computer Name = 5idestep-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 15.01.2013 07:37:49 | Computer Name = 5idestep-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 15.01.2013 07:39:58 | Computer Name = 5idestep-PC | Source = WMPNetworkSvc | ID = 866297
Description = 
 
Error - 15.01.2013 07:40:57 | Computer Name = 5idestep-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
 
< End of report >
         

24.08.2013, 18:24   #4
Aneri
/// Malwareteam

Hi

OK, please also post the log file from Hitman Pro... in addition, please work through the following step...

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

24.08.2013, 21:12   #5
5idestep

HitmanPro log file
Code:
HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : 5IDESTEP-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : 5idestep-PC\5idestep
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-08-24 21:37:08
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 31m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 70

   Objects scanned . . . : 1.124.841
   Files scanned . . . . : 22.572
   Remnants scanned  . . : 394.856 files / 707.413 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
   HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)
   HKU\S-1-5-21-4086697998-2822087783-1139883366-1000\Software\Softonic\ (Softonic)
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-08-2013 01
Ran by 5idestep (administrator) on 24-08-2013 21:42:35
Running from C:\Users\5idestep\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMWDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\StartAutorun.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMConfig.exe
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMProcess.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(KORG Inc.) C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CSIS Security Group) C:\Program Files\Heimdal\Service\HeimdalAgentService.exe
(Microsoft) C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe
(CSIS Security Group) C:\Program Files\Heimdal\Client\HeimdalAgent.exe
(Sun Microsystems, Inc.) C:\Program Files\JDownloader\jre\bin\javaw.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
() C:\Program Files\Opera\15.0.1147.153\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(SurfRight B.V.) C:\Users\5idestep\Downloads\hitmanpro.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-04] (CANON INC.)
HKLM\...\Run: [KMCONFIG] - C:\Program Files\CHERRY Mouse Driver\StartAutorun.exe [212992 2008-05-30] (UASSOFT.COM)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [KORG USB-MIDI Driver] - C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393656 2012-10-05] (KORG Inc.)
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
Startup: C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58CCCE75-D102-4416-A858-CFE68538DBEA}: [NameServer]127.0.0.1

========================== Services (Whitelisted) =================

R2 HeimdalSecureDNS; C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe [94368 2013-06-04] (Microsoft)
R2 HeimdalService; C:\Program Files\Heimdal\Service\HeimdalAgentService.exe [134304 2013-06-04] (CSIS Security Group)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
R2 KMWDSERVICE; C:\Program Files\CHERRY Mouse Driver\KMWDSrv.exe [1824768 2009-11-04] (UASSOFT.COM)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [347496 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [97640 2012-12-18] (Native Instruments GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-06-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-07] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2013-08-24] ()
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-06-14] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [41536 2012-08-29] (MusicLab, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 synasusb; C:\Windows\System32\Drivers\synasusb.sys [23696 2011-12-14] (Steinberg Media Technologies GmbH)
S1 ASPI32; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 21:39 - 2013-08-24 21:40 - 01070693 _____ (Farbar) C:\Users\5idestep\Downloads\FRST.exe
2013-08-24 21:37 - 2013-08-24 21:37 - 00030464 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Buhl Data Service
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Local\Buhl Data Service
2013-08-24 13:24 - 2013-08-24 13:24 - 00883840 _____ C:\Users\5idestep\Downloads\Avira-DE-Cleaner.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 04177904 _____ (CSIS Security Group) C:\Users\5idestep\Downloads\HeimdalSetup.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\ProgramData\CSIS
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\Program Files\Heimdal
2013-08-24 13:14 - 2013-08-24 13:14 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-24 13:06 - 2013-08-24 13:06 - 00009068 _____ C:\Windows\system32\.crusader
2013-08-24 12:45 - 2013-08-24 13:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-24 12:42 - 2013-08-24 12:45 - 09167352 _____ (SurfRight B.V.) C:\Users\5idestep\Downloads\hitmanpro.exe
2013-08-24 12:26 - 2013-08-24 12:26 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Opera Software
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Local\Opera Software
2013-08-24 00:26 - 2013-08-24 00:26 - 00602112 _____ (OldTimer Tools) C:\Users\5idestep\Desktop\OTL.exe
2013-08-10 15:29 - 2013-08-24 12:25 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-30 18:45 - 2013-08-17 14:34 - 00015989 _____ C:\Users\5idestep\Desktop\BODENSEEPLAUNG.xlsx

==================== One Month Modified Files and Folders =======

2013-08-24 21:41 - 2013-08-24 21:41 - 00000000 ____D C:\FRST
2013-08-24 21:40 - 2013-08-24 21:39 - 01070693 _____ (Farbar) C:\Users\5idestep\Downloads\FRST.exe
2013-08-24 21:37 - 2013-08-24 21:37 - 00030464 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-24 21:31 - 2012-11-05 16:55 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Dropbox
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Buhl Data Service
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Local\Buhl Data Service
2013-08-24 13:49 - 2012-03-21 13:57 - 00000094 _____ C:\Windows\wiso.ini
2013-08-24 13:43 - 2012-03-21 13:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-24 13:24 - 2013-08-24 13:24 - 00883840 _____ C:\Users\5idestep\Downloads\Avira-DE-Cleaner.exe
2013-08-24 13:23 - 2012-02-07 17:10 - 00119024 _____ C:\Users\5idestep\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 13:22 - 2013-08-24 13:22 - 04177904 _____ (CSIS Security Group) C:\Users\5idestep\Downloads\HeimdalSetup.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\ProgramData\CSIS
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\Program Files\Heimdal
2013-08-24 13:18 - 2012-02-07 18:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 13:17 - 2012-02-07 18:24 - 00000000 ____D C:\ProgramData\Adobe
2013-08-24 13:16 - 2012-02-07 18:24 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Adobe
2013-08-24 13:15 - 2009-07-14 06:34 - 00014752 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 13:15 - 2009-07-14 06:34 - 00014752 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 13:14 - 2013-08-24 13:14 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-24 13:11 - 2012-02-02 18:24 - 01084482 _____ C:\Windows\WindowsUpdate.log
2013-08-24 13:09 - 2012-11-11 17:20 - 00000000 ___RD C:\Users\5idestep\Dropbox
2013-08-24 13:08 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 13:08 - 2009-07-14 06:39 - 00104052 _____ C:\Windows\setupact.log
2013-08-24 13:08 - 2009-07-14 06:33 - 03805016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-24 13:07 - 2013-04-03 14:57 - 00000000 ____D C:\Program Files\Pando Networks
2013-08-24 13:07 - 2013-02-21 17:18 - 00013615 _____ C:\Windows\mlkumidi.log
2013-08-24 13:07 - 2012-02-23 20:18 - 00008486 _____ C:\Windows\PFRO.log
2013-08-24 13:06 - 2013-08-24 13:06 - 00009068 _____ C:\Windows\system32\.crusader
2013-08-24 13:06 - 2013-08-24 12:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-24 12:45 - 2013-08-24 12:42 - 09167352 _____ (SurfRight B.V.) C:\Users\5idestep\Downloads\hitmanpro.exe
2013-08-24 12:41 - 2012-06-04 16:08 - 00000188 _____ C:\Windows\system32\MsiExec.exe.log
2013-08-24 12:36 - 2012-09-18 17:14 - 00000000 ____D C:\Program Files\Free Videos To DVD
2013-08-24 12:36 - 2012-07-08 17:32 - 00000000 ____D C:\Program Files\Free MKV Video2Dvd
2013-08-24 12:35 - 2013-01-29 19:38 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-24 12:35 - 2012-02-17 08:24 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\DVDVideoSoftIEHelpers
2013-08-24 12:35 - 2012-02-17 08:23 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-24 12:31 - 2013-03-12 01:43 - 00000000 ____D C:\Program Files\eRightSoft
2013-08-24 12:30 - 2013-05-25 10:52 - 00000000 ____D C:\Program Files\Western Digital
2013-08-24 12:27 - 2012-02-17 08:06 - 00000000 ____D C:\ProgramData\Pinnacle
2013-08-24 12:26 - 2013-08-24 12:26 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Opera Software
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Local\Opera Software
2013-08-24 12:25 - 2013-08-10 15:29 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-24 12:25 - 2012-02-17 08:19 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\proDAD
2013-08-24 12:25 - 2012-02-17 08:10 - 00000000 ____D C:\Program Files\Pinnacle
2013-08-24 12:24 - 2012-02-07 17:11 - 00000000 ____D C:\Program Files\Opera
2013-08-24 12:21 - 2012-02-02 18:30 - 00001419 _____ C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-24 12:09 - 2013-03-05 12:04 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Traktor DJ Studio 3
2013-08-24 12:09 - 2013-03-05 11:22 - 00000000 ____D C:\Users\5idestep\Documents\Traktor3
2013-08-24 12:08 - 2012-02-29 18:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-24 11:55 - 2012-02-07 18:23 - 00000000 ____D C:\Users\5idestep\AppData\Local\Adobe
2013-08-24 00:26 - 2013-08-24 00:26 - 00602112 _____ (OldTimer Tools) C:\Users\5idestep\Desktop\OTL.exe
2013-08-21 21:50 - 2012-02-07 17:09 - 01503202 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 14:34 - 2013-07-30 18:45 - 00015989 _____ C:\Users\5idestep\Desktop\BODENSEEPLAUNG.xlsx
2013-07-29 15:58 - 2013-04-03 12:02 - 00000000 ____D C:\Users\5idestep\Desktop\Track_Projekt
2013-07-29 15:56 - 2012-03-02 16:49 - 00000000 ____D C:\Program Files\JDownloader

Files to move or delete:
====================
C:\Users\5idestep\AppData\Local\Temp\dpeknd1o.dll
C:\Users\5idestep\AppData\Local\Temp\gtapi.dll
C:\Users\5idestep\AppData\Local\Temp\immeffectdata0.dll.1.log
C:\Users\5idestep\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe
C:\Users\5idestep\AppData\Local\Temp\PMBInst.exe.log
C:\Users\5idestep\AppData\Local\Temp\SetRegpcid.dll
C:\Users\5idestep\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\5idestep\AppData\Local\Temp\ucqm1gnb.dll
C:\Users\5idestep\AppData\Local\Temp\uninstall.exe
C:\Users\5idestep\AppData\Local\Temp\{E39C644B-2DFB-413F-ADB1-6211F81C7077}\InstallFlashPlayer.exe
C:\Users\5idestep\AppData\Local\Temp\{D2309CF0-BD0E-4AA6-B179-3CB0423787BC}\InstallFlashPlayer.exe
C:\Users\5idestep\AppData\Local\Temp\Setup00000a20\OSETUPUI.DLL
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\NeroBar.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\SetupX.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Toolbar.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\NeroDelTmp.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\NPS.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\UninstallNero.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\InstGuru.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\NL2WriteThrough.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\wmfdist.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\wmfdist95.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\DSETUP.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\dsetup32.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\dxsetup.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll
C:\Users\5idestep\AppData\Local\Temp\OCS\ocs_v6a.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\ocs_v6z.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\7a0f5186c0570e2d0b4fe2a90d516a83\SUPERsetup.exe
C:\Users\5idestep\AppData\Local\Temp\nsx3259.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsvB7DB.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsfB645.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsb98B7.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsb98B7.tmp\UAC.dll
C:\Users\5idestep\AppData\Local\Temp\nero.tmp\8.1.1.0_8.10.88_13903\AdvrCntr3.dll
C:\Users\5idestep\AppData\Local\Temp\nero.tmp\8.1.1.0_8.10.88_13903\ShellManager3.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86de.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
C:\Users\5idestep\AppData\Local\Temp\is1070216317\JDownloaderSetup_IC.exe
C:\Users\5idestep\AppData\Local\Temp\is1070216317\MyBabylonTB.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\avmcsock.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\fsetup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\fsetup.exe.manifest
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Msvcr71.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\setup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\setup.exe.manifest
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\avmprofiles.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\avmsysnet.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\AVMWLCFG.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\igd_find.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\avmcsock.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\fsetup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\fsetup.exe.manifest
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Msvcr71.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\setup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\setup.exe.manifest
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\avmprofiles.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\avmsysnet.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\AVMWLCFG.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\igd_find.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\aeinv.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatctrl.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatplugin.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatResources.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\cosquery.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\DevInv.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Diager.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Diagnostic.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\du.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\pidgenx.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\QueryAppBlock.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\reportgen.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\sdbapiu.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\setupcompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\sqmapi.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\unattend.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wdscore.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wdsutil.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WebPrep.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WebSetup.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wica.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wicainventory.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wicatel.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WinDlp.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\XP\WebServices.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Vista\WebServices.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\DVDPlaybackCompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\GadgetCompliance.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\MediaCenterCompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\NXCompliance.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\SBCompatPlugin.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\ScreenResolution.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\TouchCompat.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avnetworkloader.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avnetworkLoaderGUI.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avwebloader.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\msvcr90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\rcimage.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\rcNwLoad_de.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\scewxmlw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\update.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aebb.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aecore.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeemu.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeexp.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aegen.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aehelp.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeheur.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeoffice.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aepack.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aerdl.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aesbx.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aescn.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aescript.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aevdf.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avevtlog.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avevtrc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avipc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avpref.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avreg.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avrep.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscan.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscplr.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avwinll.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanex.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanexrc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccwkrlib.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\cfglib.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\extdlgfw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\luke.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\mfc90u.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\msvcp90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\msvcr90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\rcimage.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\rctext.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\scewxmlw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\sqlite3.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\unacev2.dll
C:\Users\5idestep\AppData\Local\Temp\d4bf3fa2-245e-4001-8c4e-9ba73176cdbd\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll
C:\Users\5idestep\AppData\Local\Temp\cac4a5d8-1fe7-4225-a9be-64360ff7e0d0\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\841d9f91-1793-46f0-aa8b-d4ed60373e23\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\icudt.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\launcher.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\launcher_lib.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\libEGL.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\libGLESv2.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\msvcp100.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\msvcr100.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\npTestNetscapePlugIn.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera_crashreporter.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\wow_helper.exe
C:\Users\5idestep\AppData\Local\Temp\6c5339e7-f17d-4b8d-9e4a-bcb5f5a55011\CliSecureRT.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-20 13:48

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-08-2013 01
Ran by 5idestep at 2013-08-24 21:43:24
Running from C:\Users\5idestep\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
ASIO4ALL (Version: 2.10)
AutoSketch Release 10 (Version: 10.0.0.11)
Camel Audio CamelCrusher (Version: 1.01.0)
Canon iP4500 series Benutzerregistrierung
Canon My Printer
CD-LabelPrint
CHERRY Mouse Driver (Version: 6.1)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.2.0287)
Dropbox (HKCU Version: 1.6.18)
eLicenser Control
Epson Copy Utility 3.4 (Version: 3.4.0.0)
EPSON Scan
Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128)
Heimdal (Version: 1.8.0.500)
ID3-TagIT 3 (Version: 3)
JDownloader 0.9 (Version: 0.9)
K-Lite Codec Pack 4.3.1 (Full) (Version: 4.3.1)
KORG KONTROL Editor (Version: 1.30.0003)
KORG USB-MIDI Driver Tools for Windows (Version: 1.14.0401)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MusicLab Virtual MIDI Driver (Version: 2.0.1.0)
MyFreeCodec
MyPhoneExplorer (Version: 1.8.2)
Native Instruments Audio 8 DJ Driver
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761)
Native Instruments Battery 3
Native Instruments Battery 3 (Version: 3.2.3.637)
Native Instruments Kontakt 5
Native Instruments Kontakt 5 (Version: 5.1.0.6066)
Native Instruments Massive
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Reaktor 5
Native Instruments Reaktor 5 (Version: 5.8.0.550)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Solid Bus Comp FX (Version: 1.0.1.330)
Native Instruments Solid Dynamics FX (Version: 1.0.1.330)
Native Instruments Solid EQ FX (Version: 1.0.1.330)
NAVIGON Fresh 3.4.1 (Version: 3.4.1)
neroxml (Version: 1.0.0)
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
Opera 11.61 (Version: 11.61.1250)
Opera 12.02 (Version: 12.02.1578)
Opera Stable 15.0.1147.153 (Version: 15.0.1147.153)
PIXMA Extended Survey Program
reFX Nexus 1.0.0 (Version: 1.0.0)
reFX Nexus 1.0.9
reFX Nexus VSTi RTAS v2.2.0
RSO ExTreme Punch 3 VST
RSO Vocal Magic Pro VST
Samsung Kies (Version: 2.3.2.12064_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
sPlan 7.0
Steinberg Cubase 6 (Version: 6.5.0)
Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
Steinberg HALion Sonic SE (Version: 1.5.2)
Steinberg HALion Sonic SE Content (Version: 1.5.2.000)
Steinberg LoopMash Content (Version: 2.0.0.000)
Steinberg LoopMash Content 2 (Version: 1.0.0.000)
Steinberg Padshop (Version: 1.0.0)
Steinberg Retrologue (Version: 1.0.0)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
Steinberg Upload Manager (Version: 1.0.1)
Steinberg VST Amp Rack Content 01 (Version: 1.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.1.11 (Version: 1.1.11)
WaveLab 6 (Version: 6.1.0.340)
WD SES Driver Setup (Version: 1.0.2.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.10 (32-Bit) (Version: 4.10.0)
WISO Steuer 2012 (Version: 19.00.7303)
 

==================== Restore Points  =========================

24-08-2013 19:19:59 Avira DE-Cleaner - 24.08.2013 21:19

==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-02-07 18:21 - 00001304 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {277306AA-D91E-4C55-B104-9AEFD49793A6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {81D206DF-431E-488A-90CE-29961F4AC71C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {AC2C5EF9-FC91-4BD3-9048-3FF19E5616FF} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {B41380E4-7D6A-4882-8609-7BCD400F53EE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {B70B95E0-CF70-4C86-AFEA-309D2B745881} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {C7ABC453-33D9-42C4-8E32-120838C00ED9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2013 02:22:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:40:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:24:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:16 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:23:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert

Error: (08/24/2013 01:22:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen. Fehler: Zugriff verweigert


System errors:
=============
Error: (08/24/2013 01:22:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimdal Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/24/2013 01:10:28 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (08/24/2013 01:08:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.

Error: (08/24/2013 01:08:27 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASPI32

Error: (08/24/2013 01:08:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/24/2013 01:08:21 PM) (Source: Application Popup) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (08/24/2013 01:08:01 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/24/2013 01:08:01 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/24/2013 00:27:49 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS

Error: (08/24/2013 11:47:38 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 2046.55 MB
Available physical RAM: 697.89 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2499.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.09 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:50.26 GB) (Free:10.98 GB) NTFS
Drive d: (Media) (Fixed) (Total:545.91 GB) (Free:259.74 GB) NTFS
Drive e: (Mirko) (Fixed) (Total:129.51 GB) (Free:27.54 GB) NTFS
Drive f: (Volume) (Fixed) (Total:19.43 GB) (Free:1.75 GB) NTFS
Drive j: (Win Passport) (Fixed) (Total:465.82 GB) (Free:40.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 48EA949A)
Partition 1: (Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 01000100)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=AF)
Partition 3: (Active) - (Size=173 GB) - (Type=AF)

==================== End Of Log ============================
         


Alt 24.08.2013, 21:35   #6
Aneri
/// Malwareteam
 



Hi, that is a new Hitman log file. I would have been interested in the old one, but apparently Hitman took care of the Zbot... What is listed in the new log is only unwanted programs...

Let's continue with:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



and as the second step:

ATTENTION: takes SEVERAL hours because it is a full scan


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



and last but not least:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Alt 25.08.2013, 15:35   #7
5idestep
 



Nothing was found:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.25.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
5idestep :: 5IDESTEP-PC [Administrator]

25.08.2013 12:07:21
mbam-log-2013-08-25 (12-07-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228474
Laufzeit: 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Step 2 is in progress!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2aea7fae25896a448fb3cb7b7cdb3d35
# engine=14893
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-25 02:14:45
# local_time=2013-08-25 04:14:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 96855 129071276 0 0
# scanned=293758
# found=0
# cleaned=0
# scan_time=12104
         
Code:
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 25.08.2013, 15:50   #8
Aneri
/// Malwareteam
 



Wonderful, that looks good...

Please create one last FRST log file. If everything checks out there, we are almost done.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

Alt 26.08.2013, 14:42   #9
5idestep
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by 5idestep (administrator) on 26-08-2013 15:41:23
Running from C:\Users\5idestep\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Microsoft) C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe
(CSIS Security Group) C:\Program Files\Heimdal\Service\HeimdalAgentService.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMWDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\StartAutorun.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMConfig.exe
(UASSOFT.COM) C:\Program Files\CHERRY Mouse Driver\KMProcess.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(KORG Inc.) C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(CSIS Security Group) C:\Program Files\Heimdal\Client\HeimdalAgent.exe
(Dropbox, Inc.) C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
() C:\Program Files\Opera\15.0.1147.153\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe
(Opera Software) C:\Program Files\Opera\15.0.1147.153\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-04] (CANON INC.)
HKLM\...\Run: [KMCONFIG] - C:\Program Files\CHERRY Mouse Driver\StartAutorun.exe [212992 2008-05-30] (UASSOFT.COM)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [KORG USB-MIDI Driver] - C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393656 2012-10-05] (KORG Inc.)
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
Startup: C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\5idestep\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58CCCE75-D102-4416-A858-CFE68538DBEA}: [NameServer]127.0.0.1

========================== Services (Whitelisted) =================

R2 HeimdalSecureDNS; C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe [94368 2013-06-04] (Microsoft)
R2 HeimdalService; C:\Program Files\Heimdal\Service\HeimdalAgentService.exe [134304 2013-06-04] (CSIS Security Group)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
R2 KMWDSERVICE; C:\Program Files\CHERRY Mouse Driver\KMWDSrv.exe [1824768 2009-11-04] (UASSOFT.COM)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [347496 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [97640 2012-12-18] (Native Instruments GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-06-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-07] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-06-14] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [41536 2012-08-29] (MusicLab, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 synasusb; C:\Windows\System32\Drivers\synasusb.sys [23696 2011-12-14] (Steinberg Media Technologies GmbH)
S1 ASPI32; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 16:30 - 2013-08-25 16:29 - 00891115 _____ C:\Users\5idestep\Desktop\SecurityCheck.exe
2013-08-25 16:29 - 2013-08-25 16:29 - 00891115 _____ C:\Users\5idestep\Downloads\SecurityCheck.exe
2013-08-25 12:51 - 2013-08-25 12:51 - 00000000 ____D C:\Program Files\ESET
2013-08-25 12:50 - 2013-08-25 12:50 - 02347384 _____ (ESET) C:\Users\5idestep\Downloads\esetsmartinstaller_enu.exe
2013-08-25 12:05 - 2013-08-25 12:05 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Malwarebytes
2013-08-25 12:04 - 2013-08-25 12:04 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 12:04 - 2013-08-25 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 12:04 - 2013-08-25 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 12:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 12:03 - 2013-08-25 12:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\5idestep\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 22:09 - 2013-08-24 22:09 - 00003158 _____ C:\Users\5idestep\Desktop\HitmanPro_20130824_2209.log
2013-08-24 21:43 - 2013-08-24 21:44 - 00015544 _____ C:\Users\5idestep\Downloads\Addition.txt
2013-08-24 21:41 - 2013-08-24 21:41 - 00000000 ____D C:\FRST
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Buhl Data Service
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Local\Buhl Data Service
2013-08-24 13:24 - 2013-08-24 13:24 - 00883840 _____ C:\Users\5idestep\Downloads\Avira-DE-Cleaner.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 04177904 _____ (CSIS Security Group) C:\Users\5idestep\Downloads\HeimdalSetup.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\ProgramData\CSIS
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\Program Files\Heimdal
2013-08-24 13:14 - 2013-08-24 13:14 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-24 13:06 - 2013-08-24 13:06 - 00009068 _____ C:\Windows\system32\.crusader
2013-08-24 12:45 - 2013-08-24 13:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-24 12:42 - 2013-08-24 12:45 - 09167352 _____ (SurfRight B.V.) C:\Users\5idestep\Downloads\hitmanpro.exe
2013-08-24 12:26 - 2013-08-24 12:26 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Opera Software
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Local\Opera Software
2013-08-24 00:26 - 2013-08-24 00:26 - 00602112 _____ (OldTimer Tools) C:\Users\5idestep\Desktop\OTL.exe
2013-08-10 15:29 - 2013-08-24 12:25 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-30 18:45 - 2013-08-17 14:34 - 00015989 _____ C:\Users\5idestep\Desktop\BODENSEEPLAUNG.xlsx

==================== One Month Modified Files and Folders =======

2013-08-26 15:38 - 2012-11-11 17:20 - 00000000 ___RD C:\Users\5idestep\Dropbox
2013-08-26 15:38 - 2012-11-05 16:55 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Dropbox
2013-08-26 15:37 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 15:37 - 2009-07-14 06:39 - 00104276 _____ C:\Windows\setupact.log
2013-08-26 15:36 - 2013-02-21 17:18 - 00013855 _____ C:\Windows\mlkumidi.log
2013-08-25 16:38 - 2012-02-02 18:24 - 01094530 _____ C:\Windows\WindowsUpdate.log
2013-08-25 16:29 - 2013-08-25 16:30 - 00891115 _____ C:\Users\5idestep\Desktop\SecurityCheck.exe
2013-08-25 16:29 - 2013-08-25 16:29 - 00891115 _____ C:\Users\5idestep\Downloads\SecurityCheck.exe
2013-08-25 12:51 - 2013-08-25 12:51 - 00000000 ____D C:\Program Files\ESET
2013-08-25 12:50 - 2013-08-25 12:50 - 02347384 _____ (ESET) C:\Users\5idestep\Downloads\esetsmartinstaller_enu.exe
2013-08-25 12:50 - 2012-02-07 17:09 - 01503202 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 12:47 - 2009-07-14 06:34 - 00014752 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:47 - 2009-07-14 06:34 - 00014752 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:30 - 2012-02-18 16:01 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-25 12:05 - 2013-08-25 12:05 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Malwarebytes
2013-08-25 12:04 - 2013-08-25 12:04 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 12:04 - 2013-08-25 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 12:04 - 2013-08-25 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 12:03 - 2013-08-25 12:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\5idestep\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-25 11:48 - 2009-07-14 06:33 - 03807368 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-25 11:47 - 2012-02-23 20:18 - 00009438 _____ C:\Windows\PFRO.log
2013-08-24 22:09 - 2013-08-24 22:09 - 00003158 _____ C:\Users\5idestep\Desktop\HitmanPro_20130824_2209.log
2013-08-24 21:44 - 2013-08-24 21:43 - 00015544 _____ C:\Users\5idestep\Downloads\Addition.txt
2013-08-24 21:41 - 2013-08-24 21:41 - 00000000 ____D C:\FRST
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Buhl Data Service
2013-08-24 13:49 - 2013-08-24 13:49 - 00000000 ____D C:\Users\5idestep\AppData\Local\Buhl Data Service
2013-08-24 13:49 - 2012-03-21 13:57 - 00000094 _____ C:\Windows\wiso.ini
2013-08-24 13:43 - 2012-03-21 13:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-24 13:24 - 2013-08-24 13:24 - 00883840 _____ C:\Users\5idestep\Downloads\Avira-DE-Cleaner.exe
2013-08-24 13:23 - 2012-02-07 17:10 - 00119024 _____ C:\Users\5idestep\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 13:22 - 2013-08-24 13:22 - 04177904 _____ (CSIS Security Group) C:\Users\5idestep\Downloads\HeimdalSetup.exe
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\ProgramData\CSIS
2013-08-24 13:22 - 2013-08-24 13:22 - 00000000 ____D C:\Program Files\Heimdal
2013-08-24 13:18 - 2012-02-07 18:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 13:17 - 2012-02-07 18:24 - 00000000 ____D C:\ProgramData\Adobe
2013-08-24 13:16 - 2012-02-07 18:24 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Adobe
2013-08-24 13:14 - 2013-08-24 13:14 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-24 13:07 - 2013-04-03 14:57 - 00000000 ____D C:\Program Files\Pando Networks
2013-08-24 13:06 - 2013-08-24 13:06 - 00009068 _____ C:\Windows\system32\.crusader
2013-08-24 13:06 - 2013-08-24 12:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-24 12:45 - 2013-08-24 12:42 - 09167352 _____ (SurfRight B.V.) C:\Users\5idestep\Downloads\hitmanpro.exe
2013-08-24 12:41 - 2012-06-04 16:08 - 00000188 _____ C:\Windows\system32\MsiExec.exe.log
2013-08-24 12:36 - 2012-09-18 17:14 - 00000000 ____D C:\Program Files\Free Videos To DVD
2013-08-24 12:36 - 2012-07-08 17:32 - 00000000 ____D C:\Program Files\Free MKV Video2Dvd
2013-08-24 12:35 - 2013-01-29 19:38 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-24 12:35 - 2012-02-17 08:24 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\DVDVideoSoftIEHelpers
2013-08-24 12:35 - 2012-02-17 08:23 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-24 12:31 - 2013-03-12 01:43 - 00000000 ____D C:\Program Files\eRightSoft
2013-08-24 12:30 - 2013-05-25 10:52 - 00000000 ____D C:\Program Files\Western Digital
2013-08-24 12:27 - 2012-02-17 08:06 - 00000000 ____D C:\ProgramData\Pinnacle
2013-08-24 12:26 - 2013-08-24 12:26 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Opera Software
2013-08-24 12:25 - 2013-08-24 12:25 - 00000000 ____D C:\Users\5idestep\AppData\Local\Opera Software
2013-08-24 12:25 - 2013-08-10 15:29 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-24 12:25 - 2012-02-17 08:19 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\proDAD
2013-08-24 12:25 - 2012-02-17 08:10 - 00000000 ____D C:\Program Files\Pinnacle
2013-08-24 12:24 - 2012-02-07 17:11 - 00000000 ____D C:\Program Files\Opera
2013-08-24 12:21 - 2012-02-02 18:30 - 00001419 _____ C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-24 12:09 - 2013-03-05 12:04 - 00000000 ____D C:\Users\5idestep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Traktor DJ Studio 3
2013-08-24 12:09 - 2013-03-05 11:22 - 00000000 ____D C:\Users\5idestep\Documents\Traktor3
2013-08-24 12:08 - 2012-02-29 18:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-24 11:55 - 2012-02-07 18:23 - 00000000 ____D C:\Users\5idestep\AppData\Local\Adobe
2013-08-24 00:26 - 2013-08-24 00:26 - 00602112 _____ (OldTimer Tools) C:\Users\5idestep\Desktop\OTL.exe
2013-08-17 14:34 - 2013-07-30 18:45 - 00015989 _____ C:\Users\5idestep\Desktop\BODENSEEPLAUNG.xlsx
2013-07-29 15:58 - 2013-04-03 12:02 - 00000000 ____D C:\Users\5idestep\Desktop\Track_Projekt
2013-07-29 15:56 - 2012-03-02 16:49 - 00000000 ____D C:\Program Files\JDownloader

Files to move or delete:
====================
C:\Users\5idestep\AppData\Local\Temp\dpeknd1o.dll
C:\Users\5idestep\AppData\Local\Temp\gtapi.dll
C:\Users\5idestep\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe
C:\Users\5idestep\AppData\Local\Temp\SetRegpcid.dll
C:\Users\5idestep\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\5idestep\AppData\Local\Temp\ucqm1gnb.dll
C:\Users\5idestep\AppData\Local\Temp\uninstall.exe
C:\Users\5idestep\AppData\Local\Temp\{E39C644B-2DFB-413F-ADB1-6211F81C7077}\InstallFlashPlayer.exe
C:\Users\5idestep\AppData\Local\Temp\{D2309CF0-BD0E-4AA6-B179-3CB0423787BC}\InstallFlashPlayer.exe
C:\Users\5idestep\AppData\Local\Temp\Setup00000a20\OSETUPUI.DLL
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\NeroBar.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\SetupX.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Toolbar.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\NeroDelTmp.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\NPS.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Setup\UninstallNero.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\InstGuru.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\NL2WriteThrough.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\wmfdist.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\wmfdist95.exe
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\DSETUP.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\dsetup32.dll
C:\Users\5idestep\AppData\Local\Temp\RarSFX0\Data\Redist\DirectX\dxsetup.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll
C:\Users\5idestep\AppData\Local\Temp\OCS\ocs_v6a.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\ocs_v6z.exe
C:\Users\5idestep\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\7a0f5186c0570e2d0b4fe2a90d516a83\SUPERsetup.exe
C:\Users\5idestep\AppData\Local\Temp\nsx3259.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsvB7DB.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsfB645.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsb98B7.tmp\DropboxNSISTools.dll
C:\Users\5idestep\AppData\Local\Temp\nsb98B7.tmp\UAC.dll
C:\Users\5idestep\AppData\Local\Temp\nero.tmp\8.1.1.0_8.10.88_13903\AdvrCntr3.dll
C:\Users\5idestep\AppData\Local\Temp\nero.tmp\8.1.1.0_8.10.88_13903\ShellManager3.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86de.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
C:\Users\5idestep\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
C:\Users\5idestep\AppData\Local\Temp\is1070216317\JDownloaderSetup_IC.exe
C:\Users\5idestep\AppData\Local\Temp\is1070216317\MyBabylonTB.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\avmcsock.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\fsetup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Msvcr71.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\setup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\avmprofiles.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\avmsysnet.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\AVMWLCFG.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLANRepeater310\Intro\igd_find.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\avmcsock.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\fsetup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Msvcr71.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\setup.exe
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\avmprofiles.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\avmsysnet.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\AVMWLCFG.dll
C:\Users\5idestep\AppData\Local\Temp\FRITZ!WLAN Repeater 300E\Intro\igd_find.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\aeinv.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatctrl.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatplugin.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\compatResources.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\cosquery.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\DevInv.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Diager.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Diagnostic.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\du.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\pidgenx.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\QueryAppBlock.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\reportgen.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\sdbapiu.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\setupcompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\sqmapi.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\unattend.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wdscore.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wdsutil.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WebPrep.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WebSetup.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wica.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wicainventory.exe
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\wicatel.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\WinDlp.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\XP\WebServices.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\Vista\WebServices.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\DVDPlaybackCompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\GadgetCompliance.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\MediaCenterCompat.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\NXCompliance.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\SBCompatPlugin.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\ScreenResolution.dll
C:\Users\5idestep\AppData\Local\Temp\df779cdd-87b6-4dd8-b65f-45a2211d8298\WebSetupExpanded\CompliancePlugins\TouchCompat.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avnetworkloader.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avnetworkLoaderGUI.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\avwebloader.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\DE-Cleaner-Install.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\msvcr90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\rcimage.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\rcNwLoad_de.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\scewxmlw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\update.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aebb.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aecore.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeemu.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeexp.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aegen.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aehelp.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeheur.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aeoffice.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aepack.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aerdl.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aesbx.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aescn.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aescript.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\aevdf.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avevtlog.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avevtrc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avipc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\Avira-DE-Cleaner-starten.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avpref.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avreg.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avrep.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscan.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avscplr.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\avwinll.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanex.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccavscanexrc.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\ccwkrlib.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\cfglib.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\decleaner.exe
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\extdlgfw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\luke.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\mfc90u.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\msvcp90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\msvcr90.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\rcimage.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\rctext.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\scewxmlw.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\sqlite3.dll
C:\Users\5idestep\AppData\Local\Temp\decleaner\decleaner\setup\unacev2.dll
C:\Users\5idestep\AppData\Local\Temp\d4bf3fa2-245e-4001-8c4e-9ba73176cdbd\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\5idestep\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll
C:\Users\5idestep\AppData\Local\Temp\cac4a5d8-1fe7-4225-a9be-64360ff7e0d0\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\841d9f91-1793-46f0-aa8b-d4ed60373e23\CliSecureRT.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\icudt.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\launcher.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\launcher_lib.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\libEGL.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\libGLESv2.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\msvcp100.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\msvcr100.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\npTestNetscapePlugIn.dll
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera_autoupdate.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\opera_crashreporter.exe
C:\Users\5idestep\AppData\Local\Temp\7ZipSfx.000\wow_helper.exe
C:\Users\5idestep\AppData\Local\Temp\6c5339e7-f17d-4b8d-9e4a-bcb5f5a55011\CliSecureRT.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-20 13:48

==================== End Of Log ============================
         
--- --- ---

27.08.2013, 07:55   #10
Aneri
/// Malwareteam
 

Hello 5idestep,

Wonderful, then let's clean up ... and you will get a few tips from me (optional).

Step 1:

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



Step 2:


Wonderful, your system is clean as far as I can see.

Here are a few more tips for securing your system.


User account settings:


We keep seeing users with administrator rights. Here every user of a Windows computer can already close the first door. Work with a limited user account instead of an account with administrator rights. These are not needed for daily work, and should you ever want to install software, you will normally be asked for your password.

Should you need help creating a "limited account", I am happy to help you.


System updates:


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities, which malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Java in particular is currently receiving security-relevant updates on a regular basis


Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 17 ).
  • Remove the tick at "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that everything is ticked and click OK.
  • Click OK again.
Quick plugin test: PluginCheck


Antivirus software


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing

  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsing


Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails that are unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe



Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.


If you like, you can support the Trojaner Board forum with a small donation.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

Alt 28.08.2013, 08:30   #11
Aneri
/// Malwareteam
 



Glad we could help

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here
