Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?

TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?


Plagegeister aller Art und deren Bekämpfung: TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.09.2013, 15:39   #1
Hemd
 
TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt? - Standard

TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?


Hallo,

ich bräuchte mal wieder eure Hilfe
Ich habe meinen USB-Stick benutzt, um in einem Copy-Shop etwas auszudrucken. Als ich ihn zu Hause wieder benutzt habe, endeten plötzlich alle Ordnernamen auf dem Stick mit einem .exe. Gleichzeitig kam von AntiVir die Meldung:

In der Datei 'F:\XXX.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ich habe dann sofort den Stick formatiert.
Danach habe ich mit mbam, Super Antispyware und OTL Scans durchgeführt. Die ersteren beiden haben nichts gefunden (außer Tracking Cookies), OTL kann ich nicht selbstständig auswerten...hier die Logs:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.09.2013 16:01:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,18% Memory free
7,80 Gb Paging File | 5,92 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 269,57 Gb Total Space | 219,56 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 88,17 Gb Free Space | 45,14% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1698423110-801138821-1970636021-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{137B9D63-D339-48F4-B15D-9F735A899857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{145C247C-4DD5-4757-9E0D-B8AE1C7CDA10}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{183071CA-4274-4281-A610-7BC140DEAD5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2598F80F-02FB-48C1-B73B-3160558E3164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{28EB6AEB-C27A-4EB0-93B7-70F89CBE9A8C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2D699826-57D6-4698-8EA8-55FF7033E367}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3253FA30-7F67-4CFD-B61D-8E633473838B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AA64DD2-24A0-41D0-ADF9-6AE0DE2A95B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{40DE2B92-144B-42CC-821D-3C7C8D8F740D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4824F325-558F-4EE4-9147-43D5EC99AE6B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4AB39473-5E12-4B83-9596-EA862CC5A0EA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4F159729-999C-4AF1-9758-303A3E69837C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C295D19-80D7-423C-8C38-6B60E51413C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6C944A12-D5F2-4628-8F74-72154E3DDBBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{721F3AC9-B198-4183-892E-1F9FB6AE5240}" = rport=445 | protocol=6 | dir=out | app=system | 
"{77610875-273E-45ED-AC1A-D3AF76334690}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{82A2A76E-2E95-42B7-A0DE-E9FC72416E9E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{855C5C57-FD43-4D90-9474-0D10E6C49E6F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AA4A6336-FFA5-4837-B85D-D37DEEDB8642}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B1410C91-585A-4FED-AF7A-BA9E9C806601}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D25EB699-9D9A-4519-AC84-1DE1D50F4BCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E0D35F57-2D34-4089-A24D-644037E9C039}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E88E875B-1C7A-4447-AD93-D752FF220596}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFC42924-54D9-42F3-8F5B-AFC87AAA99A5}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04400EC8-0AE5-4436-B8D9-C1B51BED870B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0842B872-FB99-46F4-B32E-E3829663F820}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0E60A84B-BA7F-42BD-A3A2-1DBAC42B644E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0FB4D735-23E0-4F58-8EC4-2AF6C599228D}" = protocol=6 | dir=out | app=system | 
"{2E9289EC-1DDF-46DD-BF91-35FFCE313FA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{33EE4149-AE86-45D5-97DA-C288C2AEA718}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{413C3FD9-6869-402E-A588-A239BD4D8D2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42DFFD1B-B966-4847-B335-E0A7E3D75546}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4366A0FA-85E1-45BD-8E40-9943FB8083E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{45165A37-56CA-40FB-8CEA-40C7C9B2DC2B}" = protocol=58 | dir=in | app=system | 
"{46E45E63-188F-4FD2-8652-C7ECA18F666F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69C751CC-A5DF-41BE-BA22-ACFA39D32749}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78C9D5FD-2B06-4782-A37B-3866D6E0F096}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C520E29-6AB1-4E86-AC63-9C925A06EACB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{90E8BF36-7B46-481A-A523-1E0860D2D973}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{97E2174D-9A05-443B-90FD-219A85ABF849}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{9F0AF411-B709-4C34-AC9F-343474B15603}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AB375AE5-D196-4F95-8235-65762DCE28AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF644672-2A62-4EFC-8B34-F500B0142AF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3F2051D-FA83-48CB-8BAA-F020DE1C264B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B50747F8-5E2B-4768-9BC3-D1BAAA97FB3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2BF0F1F-6177-4F5F-907F-8C9368B9C62D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CDA7F52C-CC10-450B-B80C-B7BD31840628}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{D20918F4-A2F3-4DD0-AB0E-0B8EF9EF1B53}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D6D64E7B-B04D-4D2E-9FA6-9785B82E2DA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA55ED73-8F6A-4215-B44B-9A48672AB4EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F84A9703-5A58-4525-8FC3-C491FD24505D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{D029B2F2-9560-4F37-B587-27C9F6109A0B}E:\spiele\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=e:\spiele\unreal tournament\system\unrealtournament.exe | 
"UDP Query User{0A84F150-FF6D-41E5-98CE-83CE730E2590}E:\spiele\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=e:\spiele\unreal tournament\system\unrealtournament.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8405EC5-A483-AA4E-6CBA-E2B163409128}" = AMD Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4c0f7038-82a5-4c1d-b88c-522b78acec76}" = Nero 9
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACAA0152-96A4-4D93-92F5-1B4728C3D984}" = HP Product Detection
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"gretl_is1" = gretl version 1.9.12
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Transcribe!_is1" = Transcribe! 7.20
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1698423110-801138821-1970636021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.09.2013 19:31:16 | Computer Name = ***-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description = 
 
Error - 12.09.2013 04:30:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.09.2013 09:23:16 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.09.2013 09:25:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Programme\Nero
9\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder 
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.09.2013 14:56:07 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 13.09.2013 15:46:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2013 16:02:58 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 13.09.2013 16:04:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Programme\Nero
9\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder 
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.09.2013 06:33:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 14.09.2013 06:34:38 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Programme\Nero
9\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder 
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.09.2013 06:43:10 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
Error - 14.09.2013 07:13:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 14.09.2013 07:13:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION 
 
Error - 14.09.2013 07:13:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
Error - 14.09.2013 07:50:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 14.09.2013 07:50:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION 
 
Error - 14.09.2013 07:50:11 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
Error - 14.09.2013 08:20:12 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 14.09.2013 08:20:12 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION 
 
Error - 14.09.2013 08:20:12 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
[ System Events ]
Error - 19.08.2013 15:04:29 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.08.2013 10:54:51 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR18 
gefunden.
 
Error - 25.08.2013 10:55:05 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR18 
gefunden.
 
Error - 11.09.2013 19:30:13 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2013 12:26:32 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.09.2013 13:05:35 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.09.2013 13:05:36 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.09.2013 13:05:37 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.09.2013 13:06:03 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.09.2013 13:06:04 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.09.2013 16:01:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,18% Memory free
7,80 Gb Paging File | 5,92 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 269,57 Gb Total Space | 219,56 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 88,17 Gb Free Space | 45,14% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\Programme\Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 58 FC 18 3B 62 CE 01 [binary data]
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1698423110-801138821-1970636021-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: E:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.08.26 13:12:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\Programme\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\Programme\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: E:\Programme\Thunderbird\components [2013.06.07 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: E:\Programme\Thunderbird\plugins
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1698423110-801138821-1970636021-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-1698423110-801138821-1970636021-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Admin\AppData\Local\Temp\nro.tmp\" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1698423110-801138821-1970636021-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\Anwendungsdaten [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\AppData [2013.06.13 15:21:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Admin\Cookies [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Desktop [2013.08.26 13:12:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Documents [2013.08.26 13:12:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Druckumgebung [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Eigene Dateien [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Lokale Einstellungen [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Netzwerkumgebung [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\NTUSER.DAT ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{4d6f808c-1b85-11e3-ab38-7446a07ce0dc}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{4d6f808c-1b85-11e3-ab38-7446a07ce0dc}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{4d6f808c-1b85-11e3-ab38-7446a07ce0dc}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{52f01172-ead3-11e2-8684-7446a07ce0dc}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{52f01172-ead3-11e2-8684-7446a07ce0dc}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{52f01172-ead3-11e2-8684-7446a07ce0dc}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{cd222903-1076-11e3-8434-7446a07ce0dc}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{cd222903-1076-11e3-8434-7446a07ce0dc}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{cd222903-1076-11e3-8434-7446a07ce0dc}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\ntuser.ini ()
O4 - Startup: C:\Users\Admin\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Recent [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Admin\SendTo [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Startmenü [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Vorlagen [2013.06.13 15:21:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Adobe [2013.06.08 15:55:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Avira [2013.06.06 22:41:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Canneverbe Limited [2013.08.26 16:17:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Cisco [2013.06.09 02:11:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013.09.13 19:30:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013.06.10 11:32:38 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2013.09.12 01:40:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013.06.06 22:35:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2013.08.25 17:29:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2013.08.25 18:29:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2013.06.09 02:09:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2013.09.13 18:10:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Synaptics [2013.06.15 12:07:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2013.06.18 18:56:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 05:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2013.06.06 18:04:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2013.06.06 18:04:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2013.09.13 19:31:16 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2013.06.06 18:04:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2013.06.06 00:14:10 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011.04.12 09:54:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Anwendungsdaten [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\AppData [2013.06.06 18:04:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\Application Data [2013.07.27 18:26:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\***\cityguide [2013.08.06 13:24:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\***\Contacts [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Cookies [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Desktop [2013.09.14 16:00:06 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Documents [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Downloads [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Druckumgebung [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Eigene Dateien [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Favorites [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Links [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Lokale Einstellungen [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Music [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Netzwerkumgebung [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\NTUSER.DAT ()
O4 - Startup: C:\Users\***\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\***\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\***\ntuser.ini ()
O4 - Startup: C:\Users\***\Pictures [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Recent [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Saved Games [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Searches [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\SendTo [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Startmenü [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\***\Videos [2013.09.12 10:30:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\***\Vorlagen [2013.06.06 18:04:40 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D335CA-122E-49CE-9CE4-4C3531391C64}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A676C83-F3E4-4601-B42B-33F5403F1AD2}: DhcpNameServer = 80.69.100.214 80.69.100.110
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.13 19:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.13 19:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.13 19:30:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.09.13 19:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.09.13 18:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.09.13 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.09.13 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.09.12 01:39:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.09.12 01:39:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.09.12 01:39:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.09.12 01:39:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.09.12 01:39:49 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.12 01:39:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.12 01:39:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.09.12 01:39:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.09.12 01:39:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.09.12 01:39:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.09.12 01:39:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.09.12 01:39:47 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.09.12 01:39:47 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.09.12 01:39:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.09.12 01:39:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.09.11 23:31:53 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.09.11 23:31:51 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.09.11 23:31:51 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.09.11 23:31:50 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.09.11 23:31:50 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.09.11 23:31:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.09.11 23:31:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.09.11 23:31:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.09.11 23:31:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.09.11 23:31:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.09.11 23:31:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.09.11 23:31:50 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.09.11 23:31:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.09.11 23:31:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.09.11 23:31:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.09.11 23:31:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.09.11 23:31:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 23:31:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 23:31:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 23:31:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.09.11 23:31:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 23:31:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 23:31:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 23:31:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 23:31:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 23:31:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 23:31:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 23:31:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 23:31:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 23:31:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 23:31:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 23:31:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 23:31:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 23:31:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 23:31:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 23:31:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.09.11 23:31:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.09.11 23:31:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.09.11 23:31:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013.09.11 23:31:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 23:31:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.09.11 23:31:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.08.27 12:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.08.26 16:42:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.08.26 16:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.08.26 15:53:34 | 000,000,000 | ---D | C] -- C:\WinVista_Image
[2013.08.26 15:53:34 | 000,000,000 | ---D | C] -- \WinVista_Image
[2013.08.26 13:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.08.26 13:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.08.26 13:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.08.26 13:11:58 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.08.26 13:11:58 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013.08.26 13:11:58 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013.08.26 13:11:58 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.08.26 13:11:57 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2013.08.26 13:11:57 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2013.08.26 13:11:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2013.08.26 13:11:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013.08.26 13:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.08.25 19:57:56 | 000,000,000 | ---D | C] -- C:\Win7-32bit_Image
[2013.08.25 19:57:56 | 000,000,000 | ---D | C] -- \Win7-32bit_Image
[2013.08.25 17:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.08.25 17:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.08.25 17:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.08.20 20:38:26 | 000,000,000 | ---D | C] -- C:\DruckerTreiber
[2013.08.20 20:38:26 | 000,000,000 | ---D | C] -- \DruckerTreiber
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.14 16:03:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.14 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.14 15:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.14 12:14:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.14 12:14:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.14 12:13:22 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bfdfa8d2-8f69-452b-b3b6-c39e17e520a0.job
[2013.09.14 12:13:22 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3db15ccd-882f-4f2c-8d11-0873f58a0b9b.job
[2013.09.13 23:13:40 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.13 23:13:40 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.13 23:13:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.13 23:13:40 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.13 23:13:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.13 22:03:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.13 21:53:04 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.13 21:53:04 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.13 21:44:46 | 3141,292,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.12 10:29:11 | 000,453,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.09.03 11:06:01 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.09.03 11:06:01 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.09.03 11:06:01 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.09.13 18:11:33 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3db15ccd-882f-4f2c-8d11-0873f58a0b9b.job
[2013.09.13 18:11:32 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bfdfa8d2-8f69-452b-b3b6-c39e17e520a0.job
[2013.06.06 17:57:31 | 3141,292,032 | -HS- | C] () -- \hiberfil.sys
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.03.05 05:31:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.03.05 05:31:18 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Anwendungsdaten
[2013.06.13 15:21:40 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Cookies
[2013.08.26 13:12:41 | 000,000,000 | R--D | M] -- C:\Users\Admin\Desktop
[2013.08.26 13:12:29 | 000,000,000 | R--D | M] -- C:\Users\Admin\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Downloads
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Druckumgebung
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Links
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Music
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Pictures
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\Saved Games
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\SendTo
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Startmenü
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Videos
[2013.06.13 15:21:40 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Vorlagen
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013.08.26 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Canneverbe Limited
[2013.06.09 02:11:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2013.06.15 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\Synaptics
[2013.06.18 18:56:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2013.06.06 18:04:32 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013.06.06 18:04:32 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.09.13 19:31:16 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2013.06.06 18:04:32 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013.06.06 00:14:10 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011.04.12 09:54:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009.07.14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Anwendungsdaten
[2013.06.06 18:04:40 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData
[2013.07.27 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\***\Application Data
[2013.08.06 13:24:38 | 000,000,000 | ---D | M] -- C:\Users\***\cityguide
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Contacts
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Cookies
[2013.09.14 16:00:06 | 000,000,000 | R--D | M] -- C:\Users\***\Desktop
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Documents
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Downloads
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Druckumgebung
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Eigene Dateien
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Favorites
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Links
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Lokale Einstellungen
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Music
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Netzwerkumgebung
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Pictures
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Recent
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Saved Games
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Searches
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\SendTo
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Startmenü
[2013.09.12 10:30:29 | 000,000,000 | R--D | M] -- C:\Users\***\Videos
[2013.06.06 18:04:40 | 000,000,000 | -HSD | M] -- C:\Users\***\Vorlagen
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.09.14 12:14:02 | 097,519,942 | ---- | M] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\ꟿ쒓U
[2013.09.13 23:12:52 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\ꟿ쒓U
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 103 bytes -> C:\Users\All Users\TEMP:76650B61
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:76650B61
 
< End of report >
--- --- ---


Dass mbam und SUPERAntiSpyware nichts gefunden haben, macht mir Hoffnung, dass AntiVir den Zugriff erfolgreich geblockt hat.
Was meint ihr dazu?

Vielen Dank für eure Hilfe!

Beste Grüße
Hemd

 

Themen zu TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?
adobe reader xi, antivir, avira, bho, browser, converter, error, excel, failed, feedback, fehler, flash player, google, homepage, iexplore.exe, install.exe, logfile, mozilla, msiinstaller, outbound, plug-in, programm, realtek, registry, security, senden, server, software, super, svchost.exe, version., virus, windows


« Trojaner: Bundeskriminalamt Interpol | Bundestrojaner Vista »


Ähnliche Themen: TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?


  1. Windows 7, Trojaner von Avira geblockt + entfernt, Malwarebytes möglicher Fund aber von Avira geblockt
    Log-Analyse und Auswertung - 13.05.2015 (13)
  2. Immer, wenn ich den USB Stick vom Fernseher abziehe und mit dem PC wieder verbinde, erscheint auf dem Stick eine CM0013 Datei.
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (7)
  3. Avast findet auf USB Stick jwgkvsq.vmx (Win32:Dropper-MCQ[Drp]) und ARBEIT.vbs (VBS:Solow-L[WRM])
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (11)
  4. Trojaner Dropper.Generic2.ANEO am USB-Stick
    Log-Analyse und Auswertung - 30.09.2013 (5)
  5. Malware vorhanden ? / USB-Stick nur Verknüpfungen / TR/Dropper.GEN
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (13)
  6. GVU erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (5)
  7. BIOS erkennt USB stick - bootet aber nicht von ihm / erfolgreich bei anderen PC's getestet
    Netzwerk und Hardware - 16.04.2012 (13)
  8. Kann tr.dropper.gen auf USB-Stick oder Speicherkarte der Kamera???????
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (12)
  9. TR/Dropper.Gen auf meinem USB Stick
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (23)
  10. WORM/Phorpiex.B.64 auf USB-Stick - Datenrettung vom USB-Stick?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (32)
  11. ctfmoon.exe TR/Dropper.Gen auf USB Stick
    Log-Analyse und Auswertung - 10.04.2011 (5)
  12. Recycler auf USB Stick (Generic.dx, Exploit-CVE, Trojan.Dropper)
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (1)
  13. Trojaner TR/Dropper.Gen eingefangen und erfolgreich gelöscht?
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (23)
  14. Virus auf USB-Stick? - USB-Stick wird beim Einstecken als Ordner angezeigt.
    Antiviren-, Firewall- und andere Schutzprogramme - 21.07.2010 (5)
  15. Infizierter USB Stick (TR\Dropper.Gen) - mögliche Infizierung trotz aktivem Guard?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (9)
  16. Dropper auf USB-Stick
    Plagegeister aller Art und deren Bekämpfung - 16.08.2008 (5)
  17. War ich erfolgreich?
    Log-Analyse und Auswertung - 02.01.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt? - Hallo, ich bräuchte mal wieder eure Hilfe Ich habe meinen USB-Stick benutzt, um in einem Copy-Shop etwas auszudrucken. Als ich ihn zu Hause wieder benutzt habe, endeten plötzlich alle Ordnernamen - TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt?...
Archiv
Du betrachtest: TR/Dropper.Gen auf USB-Stick - erfolgreich geblockt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130