Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Plagegeister aller Art und deren Bekämpfung: Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 21.11.2012, 23:33   #16
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


OTL-LOG:

Code:
ATTFilter
All processes killed
========== FILES ==========
C:\Users\Daniel Graf\AppData\Roaming\Tysuog folder moved successfully.
C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U folder moved successfully.
C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L folder moved successfully.
C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023} folder moved successfully.
C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U folder moved successfully.
C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L folder moved successfully.
C:\Users\Daniel Graf\AppData\Local\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Daniel Graf\Desktop\cmd.bat deleted successfully.
C:\Users\Daniel Graf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel Graf
->Temp folder emptied: 781873 bytes
->Temporary Internet Files folder emptied: 15922093 bytes
->Java cache emptied: 4025611 bytes
->FireFox cache emptied: 274071411 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 46130 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102875023 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 886660212 bytes
 
Total Files Cleaned = 1.225,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11212012_232350

Files\Folders moved on Reboot...
C:\Users\Daniel Graf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 22.11.2012, 12:58   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________

__________________
Alt 23.11.2012, 12:01   #18
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus,

hier die Textdatei:

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 23/11/2012 um 12:00:10 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daniel Graf - DANIELPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel Graf\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Users\Daniel Graf\AppData\Roaming\eType
Ordner Gefunden : C:\Users\Daniel Graf\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Daniel Graf\AppData\Roaming\Mozilla\Firefox\Profiles\bguaee61.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Daniel Graf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2811 octets] - [23/11/2012 12:00:10]

########## EOF - C:\AdwCleaner[R1].txt - [2871 octets] ##########
__________________
Alt 23.11.2012, 14:23   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2012, 22:06   #20
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus,

heute mittag nei einem Avira Scan wurde ein sog. :TR/Crypt.XPack.gen gefunden.

hier die Textdatei von adwcleaner.exe:

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 23/11/2012 um 21:46:44 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daniel Graf - DANIELPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel Graf\Desktop\Virenprogramme\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Daniel Graf\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Daniel Graf\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Daniel Graf\AppData\Roaming\Mozilla\Firefox\Profiles\bguaee61.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Daniel Graf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2930 octets] - [23/11/2012 12:00:10]
AdwCleaner[S1].txt - [2762 octets] - [23/11/2012 21:46:44]

########## EOF - C:\AdwCleaner[S1].txt - [2822 octets] ##########

hier die von OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.11.2012 21:53:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel Graf\Desktop\Virenprogramme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,59% Memory free
7,98 Gb Paging File | 6,39 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 525,82 Gb Free Space | 75,26% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 120,77 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Daniel Graf\Desktop\Virenprogramme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
PRC - C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtWlan.exe (Sitecom Corp.)
PRC - C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe (BUFFALO INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcats.dll ()
MOD - C:\Windows\SysWOW64\LXEDsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll ()
MOD - C:\Windows\SysWOW64\LXEDsm.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (lxedCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LexPrintListener) -- C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll ( )
SRV - (BWH32S) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe (BUFFALO INC.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (Si3124r5) -- C:\Windows\SysNative\drivers\Si3124r5.sys (Silicon Image, Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (adp3132) -- C:\Windows\SysNative\drivers\adp3132.sys (Adaptec, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (PciIsaSerial) -- C:\Windows\SysNative\drivers\PciIsaSerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\drivers\PciPPorts.sys ()
DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\drivers\PciSPorts.sys ()
DRV:64bit: - (SPorts) -- C:\Windows\SysNative\drivers\SPorts.sys ()
DRV:64bit: - (PPorts) -- C:\Windows\SysNative\drivers\PPorts.sys ()
DRV:64bit: - (ISASerial) -- C:\Windows\SysNative\drivers\ISASerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices)
DRV:64bit: - (Bufeap) -- C:\Windows\SysNative\drivers\bufeap64.sys (BUFFALO INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 FD 1D 8C 86 8D CB 01  [binary data]
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{1086A097-7D1E-41F1-850C-A1A6C5BC8C4B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE407
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel Graf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:29:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions
[2011.06.20 01:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.23 14:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions
[2012.09.19 10:04:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\Firefox\Profiles\bguaee61.default\extensions\ich@maltegoetz.de
[2012.11.23 14:01:50 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Daniel Graf\AppData\Roaming\mozilla\firefox\profiles\bguaee61.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.02.20 01:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 17:56:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.22 10:26:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 16:50:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 10:26:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 10:26:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 10:26:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 10:26:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw
 
O1 HOSTS File: ([2012.11.21 23:24:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1861507059-4191554130-2990585910-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel Graf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{133CCE8A-AE40-43EB-9C99-EB0E31A09208}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.25 07:27:21 | 000,000,133 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 11:57:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.23 11:57:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.23 11:57:07 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.21 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.21 03:27:49 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.21 03:27:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.21 03:21:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.21 03:21:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.21 03:21:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.21 03:21:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.21 03:21:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.21 03:21:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.21 03:21:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.21 03:21:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.21 03:21:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.21 03:21:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.21 03:21:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.21 03:21:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.21 03:21:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.21 03:21:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.21 03:21:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.21 03:16:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.21 03:16:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.21 03:16:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.21 03:16:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.21 03:10:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.21 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.20 15:12:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.20 15:12:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.20 15:12:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.20 15:12:56 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.11.20 15:12:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.11.20 15:12:55 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.11.20 15:12:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.20 15:12:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.11.20 15:12:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.11.20 15:12:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.20 15:12:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.11.20 15:12:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.11.20 15:12:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.11.20 15:12:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.11.20 15:12:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.11.20 15:12:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.20 15:12:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.11.20 15:12:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.11.20 15:12:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.11.20 15:12:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.20 15:12:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.20 15:12:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.20 15:12:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.11.20 15:12:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.11.20 15:12:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.20 15:12:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.20 15:12:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.20 15:12:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.20 15:12:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.20 15:12:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.11.20 15:12:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.20 15:12:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.11.20 15:12:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.11.20 15:12:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.11.20 15:12:27 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.11.20 15:12:27 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.11.20 15:12:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.20 15:12:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.20 15:12:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.20 15:12:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.20 15:12:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.20 15:12:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.20 15:12:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.11.20 15:12:15 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.11.20 15:11:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.20 15:11:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.20 15:11:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.11.20 15:11:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.11.20 15:11:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.11.20 15:11:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.11.20 15:11:47 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.11.20 15:11:47 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.11.20 15:11:47 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.11.20 15:11:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.11.20 15:11:45 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.11.20 15:11:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.11.20 14:55:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.20 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Avira
[2012.11.20 12:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.20 12:19:23 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.20 12:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Desktop\Virenprogramme
[2012.11.20 11:56:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.20 11:43:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.20 11:43:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.20 11:43:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.20 11:27:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 11:27:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.18 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.18 13:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.30 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 11:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.10.26 21:32:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\Tracing
[2012.10.26 21:27:01 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.10.26 21:25:36 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.10.26 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.10.26 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.10.26 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.10.26 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Daniel Graf\SkyDrive
[2012.10.26 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.10.26 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel Graf\AppData\Roaming\Malwarebytes
[2012.10.26 17:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.26 17:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 11:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.11.23 21:52:12 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.11.23 21:51:31 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.23 21:50:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 21:48:25 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 21:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 21:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 20:33:00 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 20:33:00 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 23:24:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.11.21 15:11:26 | 000,756,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 15:11:26 | 000,700,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 15:11:26 | 000,173,058 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 15:11:26 | 000,139,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 15:11:25 | 001,763,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 03:55:22 | 000,446,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.21 03:31:38 | 001,645,318 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.20 18:24:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.20 18:24:39 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.20 17:20:23 | 486,964,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.19 22:57:47 | 000,000,980 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | M] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.13 17:26:09 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.13 17:26:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.02 18:27:41 | 000,038,856 | ---- | M] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.11.21 03:27:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.21 03:16:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.20 12:32:32 | 486,964,904 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.20 11:43:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.20 11:43:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.20 11:43:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.20 11:43:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.20 11:43:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.19 22:57:47 | 000,000,980 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\7-Zip File Manager.lnk
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Zombies.url
[2012.11.13 18:17:44 | 000,000,222 | ---- | C] () -- C:\Users\Daniel Graf\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012.11.02 18:27:41 | 000,038,856 | ---- | C] () -- C:\Users\Daniel Graf\Documents\Rechnung 25.pdf
[2012.10.26 21:26:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.26 21:26:32 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.10.26 21:26:24 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.10.26 21:26:19 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.10.26 21:18:27 | 000,002,198 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.10.08 20:43:07 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.14 10:14:32 | 000,006,656 | ---- | C] () -- C:\Users\Daniel Graf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.07 14:33:00 | 001,645,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.28 18:58:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 18:58:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.11 21:11:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2011.01.11 21:11:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2011.01.11 21:11:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2011.01.11 21:11:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2011.01.11 21:11:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2011.01.11 21:11:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2011.01.11 21:11:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2011.01.11 21:11:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2011.01.11 21:11:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2011.01.11 21:11:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2011.01.11 21:11:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2011.01.11 21:11:42 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2011.01.11 21:11:42 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2011.01.11 21:11:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2011.01.11 21:11:42 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2011.01.11 21:11:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2011.01.11 21:11:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2011.01.11 21:11:42 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2011.01.11 21:11:41 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2011.01.11 21:11:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2010.12.14 16:18:08 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010.12.14 16:18:07 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010.11.29 23:17:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.29 23:17:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.26 17:21:38 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.11.2012 21:53:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel Graf\Desktop\Virenprogramme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,59% Memory free
7,98 Gb Paging File | 6,39 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 525,82 Gb Free Space | 75,26% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 120,77 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive E: | 5,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DANIELPC | User Name: Daniel Graf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1979DE01-A891-4DC9-812B-5945B99106DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2BEC3198-E747-4847-A51A-6ABFD6D1802E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03AAD406-9581-450E-A15F-C2F88825D7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{280F06DC-7B8E-4C53-ABE0-84707C09C0BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{28D84B30-B70B-4702-B4A6-2FBCB3DCFE8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{42378D26-4008-4A58-BB28-D05FD3D7A393}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4D6D7088-61B4-4BA2-8FD8-95C34FF97B32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68C55983-D204-42B8-9A58-91DDED50B42C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AE29DB95-5322-4008-986A-CD9DDAA29DB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BBC05DEF-3EA5-4590-A2DB-2D5434BF8320}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{C9CCB636-5FB4-4DCC-996E-4DF6F8DA6C21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{CA5B5E4A-FE8B-43C7-9095-4BF603A74D32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D11DAF59-8A92-4ABE-BD9B-C7F79B6980F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E78D12BF-A635-4FFE-B7E0-3903DA365C31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4BCAB99-1977-4B24-B16C-6D6003C7D27C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Lexmark S600 Series" = Lexmark S600 Series
"Lexmark_iListener" = Lexmark Software Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"sp6" = Logitech SetPoint 6.22
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 300N USB Wireless LAN Driver and Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{EBFAF1A4-8F2A-4B1E-B02B-53A3BCB86621}" = TNC320 (340554)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Commandos 3 Destination Berlin_is1" = Commandos 3 Destination Berlin
"dvdisaster_is1" = dvdisaster-0.79.1
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.16.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.3.2
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"SystemRequirementsLab" = System Requirements Lab
"UN900119" = BUFFALO Client Manager V
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1861507059-4191554130-2990585910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2012 06:35:17 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
Error - 25.09.2012 09:05:53 | Computer Name = DanielPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.09.2012 10:33:08 | Computer Name = DanielPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.09.2012 12:19:59 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
Error - 25.09.2012 13:29:39 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
Error - 26.09.2012 04:01:57 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
Error - 26.09.2012 04:42:16 | Computer Name = DanielPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.09.2012 13:29:38 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
Error - 26.09.2012 15:29:46 | Computer Name = DanielPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4fbcf67c  Name des fehlerhaften Moduls: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4fbcf67c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000049ea  ID des fehlerhaften
 Prozesses: 0xc9c  Startzeit der fehlerhaften Anwendung: 0x01cd9bbd6d6af618  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\svchost.exe  Berichtskennung: 87221f30-0810-11e2-b8e9-6c626d0d8ab1
 
Error - 27.09.2012 07:09:38 | Computer Name = DanielPC | Source = Avira Antivirus | ID = 4122
Description = Unable to load file AVGDLL_Init(avgntflt).   Returned error code: 0xffffffff
 
[ Media Center Events ]
Error - 24.01.2011 18:50:14 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 23:50:09 - Fehler beim Herstellen der Internetverbindung.  23:50:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 19:53:10 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 00:53:10 - Fehler beim Herstellen der Internetverbindung.  00:53:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 19:53:25 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 00:53:16 - Fehler beim Herstellen der Internetverbindung.  00:53:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 20:56:19 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 01:56:19 - Fehler beim Herstellen der Internetverbindung.  01:56:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 20:56:35 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 01:56:25 - Fehler beim Herstellen der Internetverbindung.  01:56:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 21:59:31 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 02:59:31 - Fehler beim Herstellen der Internetverbindung.  02:59:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2011 21:59:48 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 02:59:38 - Fehler beim Herstellen der Internetverbindung.  02:59:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.01.2011 18:26:28 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 23:26:28 - Fehler beim Herstellen der Internetverbindung.  23:26:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.01.2011 18:26:38 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 23:26:33 - Fehler beim Herstellen der Internetverbindung.  23:26:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2011 07:48:13 | Computer Name = DanielPC | Source = MCUpdate | ID = 0
Description = 12:48:11 - Fehler beim Herstellen der Internetverbindung.  12:48:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 22.11.2012 07:51:35 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxedCATSCustConnectService erreicht.
 
Error - 22.11.2012 07:51:35 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxedCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.11.2012 08:53:43 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxedCATSCustConnectService erreicht.
 
Error - 22.11.2012 08:53:43 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxedCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.11.2012 06:49:48 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 23.11.2012 06:51:36 | Computer Name = DanielPC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 23.11.2012 15:25:10 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxedCATSCustConnectService erreicht.
 
Error - 23.11.2012 15:25:10 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxedCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.11.2012 16:51:24 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxedCATSCustConnectService erreicht.
 
Error - 23.11.2012 16:51:24 | Computer Name = DanielPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxedCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
--- --- ---
Alt 26.11.2012, 10:04   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Zitat:
heute mittag nei einem Avira Scan wurde ein sog. :TR/Crypt.XPack.gen gefunden.
Was soll ich mit dieser unvollständigen Info denn bitte anfangen?
__________________
--> Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!

Alt 26.11.2012, 10:43   #22
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo cosinus.

Ich dachte das wäre wichtig für die weitere
Vorgehensweise. Wollte dich nicht mit
Textdateien zumüllen die du nicht von mir
Gefordert hast. Womöglich hast du ja aus den
anderen Textdateien schon gesehen dass
da noch was ist?! Soll ich dir Bericht senden?

Alt 26.11.2012, 11:36   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Zitat:
Ich dachte das wäre wichtig für die weitere
Vorgehensweise
Ja natürlich ist das schon intreessant, aber was soll ich nur mit dem Schädlingsnamen anfangen?

Es geht nicht um das OTL-Log, das hab ich ja gefordert, es geht um die unvollständige von dir berichtete Meldung des Virenscanners!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.11.2012, 23:27   #24
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus,

wüsste nicht wie ich dir diesen Schädling genauer Schildern sollte (bin leider nicht so der PC-Experte ), denke mal du meinst damit dass ich dir die Meldung des Virenscanners zu senden soll?!

hier der Avira Report:

Code:
ATTFilter

Avira Free Antivirus
Report file date: Freitag, 23. November 2012  12:04


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : DANIELPC

Version information:
BUILD.DAT       : 13.0.0.2761    48279 Bytes  09.11.2012 16:45:00
AVSCAN.EXE      : 13.4.0.262    638752 Bytes  09.11.2012 15:36:51
AVSCANRC.DLL    : 13.4.0.219     54560 Bytes  09.10.2012 15:19:07
LUKE.DLL        : 13.4.0.251     67360 Bytes  05.11.2012 09:12:42
AVSCPLR.DLL     : 13.4.0.262     93984 Bytes  09.11.2012 15:37:00
AVREG.DLL       : 13.4.0.244    245536 Bytes  30.10.2012 13:06:23
avlode.dll      : 13.4.0.255    426272 Bytes  06.11.2012 17:30:03
avlode.rdf      : 13.0.0.24       7196 Bytes  27.09.2012 09:30:38
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF    : 7.11.50.230  3904512 Bytes  22.11.2012 15:04:31
VBASE008.VDF    : 7.11.50.231     2048 Bytes  22.11.2012 15:04:31
VBASE009.VDF    : 7.11.50.232     2048 Bytes  22.11.2012 15:04:31
VBASE010.VDF    : 7.11.50.233     2048 Bytes  22.11.2012 15:04:31
VBASE011.VDF    : 7.11.50.234     2048 Bytes  22.11.2012 15:04:31
VBASE012.VDF    : 7.11.50.235     2048 Bytes  22.11.2012 15:04:31
VBASE013.VDF    : 7.11.50.236     2048 Bytes  22.11.2012 15:04:31
VBASE014.VDF    : 7.11.50.237     2048 Bytes  22.11.2012 15:04:31
VBASE015.VDF    : 7.11.50.238     2048 Bytes  22.11.2012 15:04:31
VBASE016.VDF    : 7.11.50.239     2048 Bytes  22.11.2012 15:04:31
VBASE017.VDF    : 7.11.50.240     2048 Bytes  22.11.2012 15:04:31
VBASE018.VDF    : 7.11.50.241     2048 Bytes  22.11.2012 15:04:31
VBASE019.VDF    : 7.11.50.242     2048 Bytes  22.11.2012 15:04:31
VBASE020.VDF    : 7.11.50.243     2048 Bytes  22.11.2012 15:04:31
VBASE021.VDF    : 7.11.50.244     2048 Bytes  22.11.2012 15:04:31
VBASE022.VDF    : 7.11.50.245     2048 Bytes  22.11.2012 15:04:31
VBASE023.VDF    : 7.11.50.246     2048 Bytes  22.11.2012 15:04:31
VBASE024.VDF    : 7.11.50.247     2048 Bytes  22.11.2012 15:04:31
VBASE025.VDF    : 7.11.50.248     2048 Bytes  22.11.2012 15:04:31
VBASE026.VDF    : 7.11.50.249     2048 Bytes  22.11.2012 15:04:31
VBASE027.VDF    : 7.11.50.250     2048 Bytes  22.11.2012 15:04:31
VBASE028.VDF    : 7.11.50.251     2048 Bytes  22.11.2012 15:04:31
VBASE029.VDF    : 7.11.50.252     2048 Bytes  22.11.2012 15:04:31
VBASE030.VDF    : 7.11.50.253     2048 Bytes  22.11.2012 15:04:31
VBASE031.VDF    : 7.11.51.10     73216 Bytes  23.11.2012 10:52:18
Engine version  : 8.2.10.204
AEVDF.DLL       : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL    : 8.1.4.68      467324 Bytes  22.11.2012 21:04:11
AESCN.DLL       : 8.1.9.4       131445 Bytes  20.11.2012 11:23:57
AESBX.DLL       : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 10:09:14
AEPACK.DLL      : 8.3.0.40      815479 Bytes  20.11.2012 11:23:56
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 14:00:38
AEHEUR.DLL      : 8.1.4.142    5566841 Bytes  22.11.2012 21:04:11
AEHELP.DLL      : 8.1.25.2      258423 Bytes  12.10.2012 14:52:32
AEGEN.DLL       : 8.1.6.10      438646 Bytes  20.11.2012 11:23:54
AEEXP.DLL       : 8.2.0.12      119158 Bytes  22.11.2012 21:04:12
AEEMU.DLL       : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 10:09:14
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38
AVWINLL.DLL     : 13.4.0.163     25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL      : 13.4.0.163     50464 Bytes  19.09.2012 17:07:51
AVREP.DLL       : 13.4.0.244    177952 Bytes  30.10.2012 13:06:41
AVARKT.DLL      : 13.4.0.232    260384 Bytes  16.10.2012 15:55:29
AVEVTLOG.DLL    : 13.4.0.232    167200 Bytes  16.10.2012 15:56:35
SQLITE3.DLL     : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL      : 13.4.0.163     62240 Bytes  19.09.2012 17:08:55
NETNT.DLL       : 13.4.0.163     15648 Bytes  19.09.2012 17:16:26
RCIMAGE.DLL     : 13.4.0.163   4782880 Bytes  19.09.2012 18:40:13
RCTEXT.DLL      : 13.4.0.163     66336 Bytes  19.10.2012 10:56:26

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Freitag, 23. November 2012  12:04

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '98' Module(s) have been scanned
Scan process 'svchost.exe' - '123' Module(s) have been scanned
Scan process 'svchost.exe' - '171' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '51' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'taskhost.exe' - '57' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '163' Module(s) have been scanned
Scan process 'avguard.exe' - '78' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'lxedmon.exe' - '52' Module(s) have been scanned
Scan process 'ezprint.exe' - '66' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '74' Module(s) have been scanned
Scan process 'Dropbox.exe' - '77' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'BWH32S.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'nvtray.exe' - '53' Module(s) have been scanned
Scan process 'lxedcoms.exe' - '54' Module(s) have been scanned
Scan process 'sqlservr.exe' - '64' Module(s) have been scanned
Scan process 'pdf24.exe' - '37' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'avgnt.exe' - '103' Module(s) have been scanned
Scan process 'NitroPDFReaderDriverService2x64.exe' - '19' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'RtlService.exe' - '31' Module(s) have been scanned
Scan process 'RtWlan.exe' - '71' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '29' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '76' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '59' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'DllHost.exe' - '41' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '52' Module(s) have been scanned
Scan process 'daemonu.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'steam.exe' - '134' Module(s) have been scanned
Scan process 'SteamService.exe' - '53' Module(s) have been scanned
Scan process 'firefox.exe' - '157' Module(s) have been scanned
Scan process 'avcenter.exe' - '91' Module(s) have been scanned
Scan process 'avscan.exe' - '114' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'taskeng.exe' - '28' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '69' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '3196' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\20.11.2012_14.53.52\necurs0000\svc0000\tsk0000.dta
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\_OTL\MovedFiles\11212012_232350\C_Users\Daniel Graf\AppData\Roaming\Tysuog\fafozy.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\'
    [0] Archive type: RSRC
    --> C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe
        [1] Archive type: RSRC
      --> C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe
          [2] Archive type: RSRC
        --> C:\Users\Daniel Graf\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
            [3] Archive type: Runtime Packed
          --> C:\Users\Daniel Graf\AppData\Roaming\Dropbox\bin\Dropbox.exe
              [4] Archive type: RSRC
            --> C:\Users\Daniel Graf\Downloads\Dropbox 1.2.52.exe
                [5] Archive type: NSIS
              --> C:\Users\Daniel Graf\Downloads\jxpiinstall.exe
                  [6] Archive type: Runtime Packed
                --> D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-04-22 190000\Backup files 1.zip
                    [7] Archive type: ZIP
                  --> D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-04-22 190000\Backup files 2.zip
                      [8] Archive type: ZIP
                    --> D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-13 212246\Backup files 3.zip
                        [9] Archive type: ZIP
                      --> D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-22 200856\Backup files 3.zip
                          [10] Archive type: ZIP
                        --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
                            [WARNING]   The file could not be read!
D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-22 200856\Backup files 3.zip
  [WARNING]   The file could not be read!
                      --> D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-06-03 190005\Backup files 1.zip
                          [10] Archive type: ZIP
                        --> D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 1.zip
                            [11] Archive type: ZIP
                          --> D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 13.zip
                              [12] Archive type: ZIP
                            --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
                                [WARNING]   The file could not be read!
D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 13.zip
  [WARNING]   The file could not be read!
                          --> D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 4.zip
                              [12] Archive type: ZIP
                            --> D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-17 190001\Backup files 5.zip
                                [13] Archive type: ZIP
                              --> D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 22.zip
                                  [14] Archive type: ZIP
                                --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
                                    [WARNING]   The file could not be read!
D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 22.zip
  [WARNING]   The file could not be read!
                              --> D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 4.zip
                                  [14] Archive type: ZIP
                                --> D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 8.zip
                                    [15] Archive type: ZIP
                                  --> D:\DANIELPC\Backup Set 2012-08-13 212415\Backup Files 2012-08-13 212415\Backup files 9.zip
                                      [16] Archive type: ZIP
                                    --> D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 13.zip
                                        [17] Archive type: ZIP
                                      --> D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 29.zip
                                          [18] Archive type: ZIP
                                        --> C/Users/Daniel Graf/Downloads/301.42-desktop-win7-winvista-64bit-international-whql.exe
                                            [WARNING]   The file could not be read!
D:\DANIELPC\Backup Set 2012-11-11 194253\Backup Files 2012-11-11 194253\Backup files 29.zip
  [WARNING]   The file could not be read!

Beginning disinfection:
C:\_OTL\MovedFiles\11212012_232350\C_Users\Daniel Graf\AppData\Roaming\Tysuog\fafozy.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5b36120f.qua'!
C:\TDSSKiller_Quarantine\20.11.2012_14.53.52\necurs0000\svc0000\tsk0000.dta
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '43ae3db0.qua'!


End of the scan: Freitag, 23. November 2012  18:27
Used time:  4:29:46 Hour(s)

The scan has been done completely.

  39250 Scanned directories
 5475842 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 5475840 Files not concerned
  56346 Archives were scanned
      4 Warnings
      2 Notes
 881887 Objects were scanned with rootkit scan
      0 Hidden objects were found

Alt 27.11.2012, 09:58   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Die XPACK Funde sind nur in den Quarantäneordnern von OTL und TDSS-Killer! Das ist kein aktiver Schädling

Bitte mal den aktuellen adwCleaner v2.009 runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.11.2012, 12:59   #26
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus,

Hier die Textdatei:

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 27/11/2012 um 12:58:41 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daniel Graf - DANIELPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel Graf\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Daniel Graf\AppData\Roaming\Mozilla\Firefox\Profiles\bguaee61.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Daniel Graf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2930 octets] - [23/11/2012 12:00:10]
AdwCleaner[R2].txt - [1005 octets] - [27/11/2012 12:58:41]
AdwCleaner[S1].txt - [2881 octets] - [23/11/2012 21:46:44]

########## EOF - C:\AdwCleaner[R2].txt - [1125 octets] ##########

Alt 27.11.2012, 13:19   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.11.2012, 21:55   #28
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus,

maware-log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel Graf :: DANIELPC [Administrator]

27.11.2012 14:08:35
mbam-log-2012-11-27 (14-08-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235123
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
eset-Textdatei (die si aber sehr kurz ?):

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok

Alt 27.11.2012, 22:16   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Versuch ESET bitte nochmal so: Dieses Setup von ESET von runterladen => http://filepony.de/download-eset_online_scanner/
Beende danach alle Programme und starte das Setup via Rechtklick => als Administrator ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.11.2012, 01:25   #30
daniskin
 
Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - Standard

Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


Hallo Cosinus;

hier die Eset-Textdatei:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7a16857694c0144797b14aaec3790013
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-28 06:32:31
# local_time=2012-11-28 07:32:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 646123 646123 0 0
# compatibility_mode=5893 16776574 100 94 646358 105682735 0 0
# compatibility_mode=8192 67108863 100 0 34651 34651 0 0
# scanned=301673
# found=2
# cleaned=0
# scan_time=74664
D:\DANIELPC\Backup Set 2012-04-02 154829\Backup Files 2012-05-06 190043\Backup files 1.zip	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\DANIELPC\Backup Set 2012-06-17 190001\Backup Files 2012-06-24 190000\Backup files 2.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I

Antwort
Seite 2 von 3 1 2 3

Themen zu Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!
adobe, adware, adware/installcore.gen, autorun, avg, avira, bho, black, bonjour, desktop, error, firefox, flash player, google, home, icreinstall, launch, logfile, mozilla, mp3, nvidia update, online games, plug-in, programm, realtek, registry, senden, server, software, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, visual studio, warnung


« Startfenster.com bei Start von Google Chrome | savings sidekicks entfernen »


Ähnliche Themen: Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!


  1. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  2. ADWARE/InstallCore.gen und ADWARE/InstallCore.E von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (7)
  3. Avira meldet: 'TR/Crypt.Xpack.66163' [trojan] gefunden.
    Log-Analyse und Auswertung - 12.06.2014 (15)
  4. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  5. ADWARE/InstallCore.Gen, ADWARE/Yontoo.Gen und ADWARE/InstallCore.E von AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  6. unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (7)
  7. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  8. Trojan.SpyEyes, Trojan.ZbotR.Gen, 2x Trojan.Agent gefunden
    Mülltonne - 14.09.2012 (4)
  9. Trojaner TR/Crypt.xpack.Gen wird gemeldt, in scans nicht erkannt
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  10. Unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden und Meldung der Hausbank
    Plagegeister aller Art und deren Bekämpfung - 29.08.2011 (2)
  11. 'TR/Crypt.XPACK.Gen' [trojan] gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (1)
  12. Trojan.ZbotR;Malware Trace; Adware Ezlife;Backdoor.Bot etc...
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (15)
  13. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  14. 'TR/Crypt.XPACK.Gen2' und 'Trojan.W32.Grumm ALARM' gefunden in C:\documents and setti
    Log-Analyse und Auswertung - 03.05.2010 (21)
  15. 'TR/Crypt.XPACK.Gen' [trojan] gefunden...
    Log-Analyse und Auswertung - 22.11.2009 (4)
  16. TR/Crypt.XPACK.Gen - Trojan 4 mal auf dem pc gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.10.2009 (2)
  17. AION.bin 'TR/Crypt.XPACK.Gen' [trojan] gefunden
    Log-Analyse und Auswertung - 27.09.2009 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! - OTL-LOG: Code: Alles auswählen Aufklappen ATTFilter All processes killed ========== FILES ========== C:\Users\Daniel Graf\AppData\Roaming\Tysuog folder moved successfully. C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\U folder moved successfully. C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023}\L folder moved successfully. C:\Windows\Installer\{6b87cf6a-7afc-1fe0-bcf7-edeb86de7023} folder moved successfully. C:\Users\Daniel - Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden!...
Archiv
Du betrachtest: Trojan.zbotr.gen; ADWARE/InstallCore.Gen; TR/Crypt.XPACK.Gen bei diversen Scans gefunden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131