Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Schädliche Einträge in OTL ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 08.12.2012, 13:35   #1
Lloreter
 

Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Hallo,
ich helfe mittels Team Viewer einer 76-jährigen Dame, mit ihrem Rechner besser zurecht zu kommen.
Dazu habe ich auch ein OTL-Log erstellt, um mit meinen Anfängerkenntnissen mal drüber zu schauen. Dabei habe ich zwei Einträge entdeckt, die scheinbar als schädlich einzustufen sind. Kann sich mal ein Profi hier das Log durchschauen?
Aber eine Bitte habe ich dabei, um die Dame nicht durch Änderungen wieder zu verunsichern.
Wenn möglich keine Änderungen an IE oder Firefox, sofern nicht Malwarebedingt absolut nötig.
Und wenn da irgenwas in die Hose geht, kann ich nicht weiter helfen, denn die Gute hat keinen Zweitrechner und muss bei Ausfall ihren Rechner gegen Geld in einem Computerladen wieder richten lassen.
Deshalb, lasst uns bitte äußerst vorsichtig vorgehen.
Wenn also etwas nicht zwingend geändert werden muss, sollten wir das nicht machen, das wäre echt super lieb von euch.
Malwarebytes habe ich auch durchlaufen lassen, ohne Resultat. Hab das Log grad nicht zur Hand.

Also wie gesagt, wenn es Sachen gibt, die nicht unbedingt wegen Schädlingsbefall bereinigt werden sollen, bitte nichts unternehmen, denn bei einem Rechnerabsturz auf der Gegenseite geht dann garnichts mehr. Sehr heikle Angelegenheit. Danke.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 27.11.2012 21:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ABC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 62,35% Memory free
7,21 Gb Paging File | 5,57 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 261,54 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
Drive D: | 574,94 Mb Total Space | 9,80 Mb Free Space | 1,71% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,11 Gb Free Space | 95,47% Space Free | Partition Type: FAT32
 
Computer Name: ABC-PC | User Name: ABC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ABC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c07aa49ffd41a39bffaf653289f44038\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VCommMgr.sys (IVT Corporation.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\btnetdrv.sys (IVT Corporation.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D F8 B4 8C 6B 9D CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {46008e0d-47ac-4daa-a02a-5eb69044431a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{56749F38-A833-4550-BACC-F36D9A77B0D1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242336
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deES504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.24 20:42:12 | 000,000,000 | ---D | M]
 
[2012.11.24 20:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ABC\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S3FC2.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tuneup%20promotion ([]https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB217EDF-2CFC-466F-9319-699410BC481F}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.22 11:26:40 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.28 22:55:26 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2012.10.28 22:55:26 | 000,000,128 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 21:15:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ABC\Desktop\OTL.exe
[2012.11.26 00:17:17 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2012.11.24 23:37:06 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\Kontakte
[2012.11.24 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Thunderbird
[2012.11.24 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Thunderbird
[2012.11.24 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Mozilla
[2012.11.24 20:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.24 20:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 20:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.24 00:06:56 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\TeamViewer
[2012.11.23 04:06:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.23 04:06:44 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.23 04:06:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.23 04:06:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.23 04:06:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.23 04:06:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.23 04:06:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.23 04:06:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.23 04:06:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.23 04:06:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.23 04:06:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.23 04:06:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.22 11:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.22 10:39:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2012.11.22 10:39:57 | 000,000,000 | ---D | C] -- C:\inetpub
[2012.11.22 10:39:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2012.11.21 20:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.11.21 20:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.11.21 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.11.21 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.11.21 20:17:28 | 000,047,232 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2012.11.21 20:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.11.21 20:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.11.21 08:54:47 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.21 08:54:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.21 08:43:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.21 08:43:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.21 08:43:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.21 08:43:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.21 08:43:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.21 08:43:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.21 08:43:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.21 08:43:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.21 08:43:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.21 08:43:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.21 08:43:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.21 08:43:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.21 08:43:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.21 08:43:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.21 08:43:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.21 08:41:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.21 08:41:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.21 08:41:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.21 08:41:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.21 07:35:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.21 07:35:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.21 07:35:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.21 07:35:37 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.21 07:35:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.21 07:35:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.21 07:35:04 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.21 07:35:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.21 07:35:03 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.21 07:35:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.21 07:35:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.21 06:19:09 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\Sammelordner
[2012.11.21 01:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.11.19 05:57:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.11.18 18:29:28 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2012.11.18 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012.11.14 07:33:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.13 02:58:32 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2012.11.12 04:21:33 | 000,000,000 | ---D | C] -- C:\Users\ABC\Tracing
[2012.11.12 01:58:20 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.11.12 01:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.11.12 01:57:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.11.12 01:57:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.11.12 01:56:34 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.12 01:56:34 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.12 01:56:34 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.12 01:56:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.12 01:56:31 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.12 01:56:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.12 01:56:30 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.12 01:56:30 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.12 01:55:41 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.12 01:55:41 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.12 01:54:53 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.12 01:54:53 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.12 01:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.11.12 01:53:32 | 000,000,000 | R--D | C] -- C:\Users\ABC\SkyDrive
[2012.11.12 01:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.11.08 21:53:36 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2012.11.08 21:53:35 | 000,126,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBVE.DLL
[2012.11.08 21:53:34 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBBVE.DLL
[2012.11.03 18:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.11.03 18:20:28 | 000,093,184 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2012.10.29 21:35:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.10.29 21:35:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.10.29 21:35:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.10.29 21:35:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.10.29 21:35:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012.10.29 21:35:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.10.29 21:35:36 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.10.29 21:35:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.10.29 21:35:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.10.29 21:35:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.10.29 21:35:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.10.29 21:35:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.10.29 21:35:35 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.10.29 21:35:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.10.29 21:35:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.10.29 21:35:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.10.29 21:35:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.10.29 21:35:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.10.29 21:35:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.10.29 21:35:34 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.10.29 21:35:34 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.10.29 21:35:33 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.10.29 21:35:33 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.10.29 21:35:32 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.10.29 21:35:31 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.10.29 21:32:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.29 21:32:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.10.29 21:32:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.10.29 21:32:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.10.29 03:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.28 23:54:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 21:15:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ABC\Desktop\OTL.exe
[2012.11.27 21:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 20:36:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 16:36:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 15:11:58 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 15:11:58 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 15:03:33 | 000,005,137 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.11.27 15:03:33 | 000,000,958 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012.11.27 15:03:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.11.27 15:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 15:02:32 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 22:47:17 | 000,294,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.26 21:39:22 | 000,001,599 | ---- | M] () -- C:\Users\ABC\Desktop\Uwe.rtf
[2012.11.26 13:16:55 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.25 06:58:19 | 000,000,183 | ---- | M] () -- C:\Users\ABC\Documents\Tanatorium.rtf
[2012.11.25 01:53:08 | 001,766,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 01:53:08 | 000,759,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 01:53:08 | 000,703,340 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 01:53:08 | 000,169,056 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 01:53:08 | 000,137,488 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.24 20:42:17 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.24 20:13:39 | 000,000,124 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012.11.22 11:26:40 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.22 10:41:16 | 001,654,172 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.22 10:13:20 | 000,000,493 | ---- | M] () -- C:\Users\ABC\Desktop\Wartungscenter - Verknüpfung.lnk
[2012.11.21 07:25:12 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.21 07:25:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.10 06:15:46 | 000,001,780 | ---- | M] () -- C:\Users\ABC\Documents\Dokument.rtf
[2012.11.09 04:43:03 | 000,000,213 | ---- | M] () -- C:\Users\ABC\Desktop\DB.url
[2012.11.08 01:55:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.08 01:55:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.07 03:46:41 | 000,010,583 | ---- | M] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1.rtf
[2012.11.07 03:46:41 | 000,010,583 | ---- | M] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1 (2).rtf
[2012.11.07 03:46:41 | 000,010,583 | ---- | M] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1 (2) - Kopie.rtf
[2012.11.03 18:29:55 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.11.03 16:08:09 | 000,000,375 | ---- | M] () -- C:\Users\ABC\Desktop\STICK (F) - Verknüpfung.lnk
[2012.11.02 01:30:41 | 000,005,951 | ---- | M] () -- C:\Users\ABC\Documents\1211-21776-01.pdf
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.30 18:46:20 | 000,000,535 | ---- | M] () -- C:\Users\ABC\Desktop\Fotos - Verknüpfung.lnk
[2012.10.30 17:03:01 | 000,001,034 | ---- | M] () -- C:\Users\ABC\Desktop\Bluetooth - Verknüpfung.lnk
[2012.10.29 00:25:33 | 000,000,355 | ---- | M] () -- C:\Users\ABC\Desktop\Computer - Verknüpfung.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 21:39:22 | 000,001,599 | ---- | C] () -- C:\Users\ABC\Desktop\Uwe.rtf
[2012.11.26 13:16:55 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.11.26 13:16:55 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.25 06:58:19 | 000,000,183 | ---- | C] () -- C:\Users\ABC\Documents\Tanatorium.rtf
[2012.11.24 20:42:17 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.11.24 20:42:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.22 11:26:40 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012.11.22 10:41:04 | 001,654,172 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.22 10:13:20 | 000,000,493 | ---- | C] () -- C:\Users\ABC\Desktop\Wartungscenter - Verknüpfung.lnk
[2012.11.21 08:54:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.21 08:41:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 01:58:11 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.11.12 01:58:01 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.11.12 01:57:37 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.11.10 06:15:46 | 000,001,780 | ---- | C] () -- C:\Users\ABC\Documents\Dokument.rtf
[2012.11.09 04:22:44 | 000,000,213 | ---- | C] () -- C:\Users\ABC\Desktop\DB.url
[2012.11.08 02:02:12 | 000,010,583 | ---- | C] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1 (2) - Kopie.rtf
[2012.11.07 03:49:24 | 000,010,583 | ---- | C] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1 (2).rtf
[2012.11.07 03:48:16 | 000,010,583 | ---- | C] () -- C:\Users\ABC\Documents\Dokument TELEFONICA 1.rtf
[2012.11.03 18:20:31 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.11.03 16:08:09 | 000,000,375 | ---- | C] () -- C:\Users\ABC\Desktop\STICK (F) - Verknüpfung.lnk
[2012.11.03 15:03:05 | 000,005,951 | ---- | C] () -- C:\Users\ABC\Documents\1211-21776-01.pdf
[2012.10.30 18:46:20 | 000,000,535 | ---- | C] () -- C:\Users\ABC\Desktop\Fotos - Verknüpfung.lnk
[2012.10.30 17:03:01 | 000,001,034 | ---- | C] () -- C:\Users\ABC\Desktop\Bluetooth - Verknüpfung.lnk
[2012.10.29 00:25:33 | 000,000,355 | ---- | C] () -- C:\Users\ABC\Desktop\Computer - Verknüpfung.lnk
[2012.10.23 13:53:55 | 000,001,761 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012.10.23 13:53:29 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012.10.23 13:51:24 | 000,005,137 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.10.23 13:51:15 | 000,000,098 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.10.23 13:49:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2012.10.02 14:36:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.01 06:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.07.05 10:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.18 00:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.27 23:54:00 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\IrfanView
[2012.10.24 04:29:00 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\OpenOffice.org
[2012.09.28 12:10:32 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\Synaptics
[2012.10.18 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\Systweak
[2012.11.24 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\TeamViewer
[2012.11.24 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\Thunderbird
[2012.10.24 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\TuneUp Software
[2012.10.01 12:02:10 | 000,000,000 | ---D | M] -- C:\Users\ABC\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 796 bytes -> C:\Users\ABC\Documents\Per E-Mail senden_ Unbenannt xx.eml:OECustomProperty
@Alternate Data Stream - 728 bytes -> C:\Users\ABC\Documents\Re_ Press release.eml:OECustomProperty
@Alternate Data Stream - 704 bytes -> C:\Users\ABC\Documents\Leserbrief.eml:OECustomProperty

< End of report >
         
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2012 21:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ABC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 62,35% Memory free
7,21 Gb Paging File | 5,57 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 261,54 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
Drive D: | 574,94 Mb Total Space | 9,80 Mb Free Space | 1,71% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,11 Gb Free Space | 95,47% Space Free | Partition Type: FAT32
 
Computer Name: ABC-PC | User Name: ABC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0453B690-EF49-4BC5-B34C-1B8826EEBC4E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{37833FAA-61F3-4465-9734-1ED7D7427B7A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7ACFD487-A205-4AC3-8257-32D0F1555216}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D695190-A8C3-4AA2-9179-A613EA541457}" = lport=137 | protocol=17 | dir=in | app=system | 
"{86E7F247-DD02-42CE-A649-5A0DE9A95BDE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9A9DF2A9-C440-403A-A5BA-FB44640582AE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A8B64756-8EBE-49E3-814B-73736FC10FAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B50FD016-44DE-4BCA-B732-36004D24DD79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6EF34A6-46F1-4B77-B9C2-6CE69EC5005F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CEAB3BB8-59C6-4A5F-BBE2-6B68DC317270}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E3869C9D-36D9-4BAD-AB59-8B796E34BE31}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E8F28831-6B2B-4110-8A9F-B61D21DC1AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5049342-B2D8-4CFA-B9F5-183446B244A2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FC0B6F0A-AAD3-4B10-968E-949C9F754048}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{187801DA-7DF2-4BBB-84C6-BF0AA1364BC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1D7F902F-B538-4550-985E-F71F34C3CA9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1E500799-0930-4FBC-AD94-8622D1E285E7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{2DD6991B-2CF0-4695-97FF-B0CF679E8AE0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2DDDFDF1-6297-4DE2-A50B-3D1BE2702A5B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{45B66931-D395-4B8D-B390-BAECC41448AB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{4ABE8F08-650B-4DCA-BE05-462E8BC3F407}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{5CC4E085-B144-4105-8A6C-407CEDDD1CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A581230-04DB-4EF6-802A-6A8C913FA6C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{B9856186-3A1C-4EA8-86E5-11094733A77C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C97701F5-939C-4D51-9C53-7AC7DE676CD6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EBDCAEE5-6FBF-4B77-8E69-773C4501423A}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"TCP Query User{50D03A6C-A0FB-4734-B3FA-659A329B9C01}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{2C2D519D-1E4C-4604-9895-3AFE01190AAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{45DA9E62-D2BD-81D6-80FD-F57E2FEB00A8}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3C4ADC9-637E-DDD9-A66C-782AE5E2E667}" = ATI Catalyst Install Manager
"{C075E733-EA9C-AAAC-A95B-0D987A3C3266}" = ccc-utility64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC27906A-5898-02B7-8D19-2617A7B85E09}" = AMD Media Foundation Decoders
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FBBAB883-0BEE-4744-8062-281B213ADC1E}" = Bluesoleil 5.4.277.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{05273A09-55BF-AB2D-DD22-D98690309C28}" = CCC Help Portuguese
"{0612A263-0976-324B-BEA9-82F01CA7370F}" = CCC Help Finnish
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34866446-F784-B458-40BA-672A7D546591}" = CCC Help German
"{391E468C-D459-7278-D506-01A5CA340E97}" = CCC Help Swedish
"{39B1BCF0-5D12-A5F8-616F-F31B3355C913}" = CCC Help Danish
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3F71B6A1-B563-0FC9-12A0-D9897AC6BE45}" = CCC Help Czech
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{438DE441-C9B0-AEBB-907E-3D09E620FE62}" = CCC Help Japanese
"{45E31E25-3F02-AFF2-EBC8-ACECE264E126}" = CCC Help Hungarian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{584413CB-336A-EC10-BDA1-210DC882895D}" = CCC Help Russian
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{741F5171-235B-F5B0-6590-F4BB53B76D36}" = CCC Help Dutch
"{7971B0A3-2A0E-C212-257C-DF308908E62E}" = CCC Help English
"{7DDBDDCD-651C-F923-DED6-7DA7049F06CA}" = Catalyst Control Center InstallProxy
"{83772A97-05A6-3528-897E-097CE0A92BFF}" = CCC Help Greek
"{83B3CCC5-4C76-9873-66AD-08FF11723C90}" = CCC Help Spanish
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9744E5-2BB7-4042-BD1C-8A339480A08C}" = TouchFreeze
"{9EF417DB-7CAE-E311-06EE-DB828439677C}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Español
"{AD7B5622-C999-C9C8-26E4-6EEAFEC3065C}" = Catalyst Control Center Graphics Previews Common
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B1BC0AC7-EFC8-930E-474E-6EE4FAD46367}" = CCC Help Chinese Standard
"{B1E51748-B432-20BF-D875-5BE7FCB9DD0C}" = CCC Help Polish
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B86CCC49-ED61-F1C2-47E2-9A817FAAABC8}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C376EBB6-4079-197E-1A15-005FDA8CACB3}" = CCC Help Chinese Traditional
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CC5878A9-FB51-90A0-633E-65123F136283}" = AMD VISION Engine Control Center
"{CDC1661D-4EEC-E4A8-4B57-96C89E97DAD7}" = CCC Help Norwegian
"{CFB4E432-A339-1D85-1B5D-98572E65DE95}" = CCC Help French
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E60E35BD-8A1F-3CF9-5EB7-49DF5FACE9AD}" = CCC Help Korean
"{EB4CD629-A912-6D02-B562-C43EFED96680}" = CCC Help Turkish
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F4F82474-C548-2814-32FD-34D372AC189E}" = CCC Help Italian
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"IrfanView" = IrfanView (remove only)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2012 22:35:43 | Computer Name = ABC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: IMM32.DLL, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bdf40  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000121b
ID
 des fehlerhaften Prozesses: 0x119c  Startzeit der fehlerhaften Anwendung: 0x01cdc9c3b0d004f0
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\IMM32.DLL  Berichtskennung: a4856c2e-35df-11e2-aa15-a0b3ccc52824
 
Error - 23.11.2012 23:53:15 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.11.2012 02:34:31 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.11.2012 11:04:31 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.11.2012 00:20:02 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.11.2012 11:58:49 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.11.2012 15:47:43 | Computer Name = ABC-PC | Source = Application Error | ID = 1000
Error - 26.11.2012 06:17:50 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 26.11.2012 17:42:35 | Computer Name = ABC-PC | Source = Microsoft-Windows-RestartManager
 | ID = 10006
 
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.
Error - 26.11.2012 17:48:44 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
 
Description = 
Error - 27.11.2012 10:04:26 | Computer Name = ABC-PC | Source = WinMgmt | ID = 10
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >
         
__________________
Con saludos
Uwe

Alt 11.12.2012, 17:38   #2
ryder
/// TB-Ausbilder
 
Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Zitat:
Dabei habe ich zwei Einträge entdeckt, die scheinbar als schädlich einzustufen sind.
Magst du verraten, welche das sein sollten?
__________________

__________________

Alt 11.12.2012, 18:32   #3
Lloreter
 

Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Hallo,
war nur eben eine Vermutung von mir, das folgende Einträge nicht so ganz OK sind. Wenn du mir natürlich sagst, das die Logs OK sind, umso besser.
Danke
Code:
ATTFilter
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
         
__________________
__________________

Alt 11.12.2012, 20:16   #4
ryder
/// TB-Ausbilder
 
Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Die genannten Einträge sind okay und auch sonst nichts verdächtiges.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 11.12.2012, 21:42   #5
Lloreter
 

Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Super, dankeschön. Das ist doch mal wieder beruhigend.

__________________
Con saludos
Uwe

Alt 11.12.2012, 21:46   #6
ryder
/// TB-Ausbilder
 
Schädliche Einträge in OTL ? - Standard

Schädliche Einträge in OTL ?



Na dann

Thema beendet.
__________________
--> Schädliche Einträge in OTL ?

Antwort

Themen zu Schädliche Einträge in OTL ?
antivirus, autorun, bho, e-mail, enigma, error, firefox, flash player, format, geld, helper, home, iexplore.exe, install.exe, installation, logfile, microsoft fix it, msvcrt, object, realtek, registry, rundll, scan, security, senden, software, stick, super, svchost.exe, windows, windows-explorer




Ähnliche Themen: Schädliche Einträge in OTL ?


  1. Gefälschte DHL-Email und (schädliche?) Infektion
    Plagegeister aller Art und deren Bekämpfung - 16.10.2015 (3)
  2. Hoch schädliche Malware infiziert PC
    Log-Analyse und Auswertung - 07.04.2015 (14)
  3. Schädliche objekte gefunden
    Log-Analyse und Auswertung - 01.01.2015 (10)
  4. Viele schädliche Einträge nach aut. Logauswertung
    Log-Analyse und Auswertung - 07.11.2011 (1)
  5. Hijack This hat schädliche Dateien gefunden
    Log-Analyse und Auswertung - 13.06.2011 (23)
  6. Schädliche Prozesse etc.?
    Log-Analyse und Auswertung - 06.07.2010 (1)
  7. Zugrigg auf Y:\autorun.inf blockiert und 2 schädliche? Einträge
    Plagegeister aller Art und deren Bekämpfung - 02.07.2010 (15)
  8. Schädliche .exe geladen
    Log-Analyse und Auswertung - 19.06.2010 (3)
  9. Schädliche Werbebanner auf Handelsblatt.de und Zeit.de
    Nachrichten - 03.02.2010 (0)
  10. Sehr Schädliche Programme?
    Plagegeister aller Art und deren Bekämpfung - 11.08.2009 (1)
  11. Kaspersky meldet schädliche Dateien
    Plagegeister aller Art und deren Bekämpfung - 20.07.2009 (0)
  12. Schädliche rundll32.exe gefunden
    Log-Analyse und Auswertung - 14.06.2009 (3)
  13. HJK-Log zeigt eine Schädliche Datei
    Log-Analyse und Auswertung - 06.05.2009 (0)
  14. HijackThis findet schädliche Datei
    Log-Analyse und Auswertung - 29.03.2009 (14)
  15. Habe Verdacht auf schädliche Anwendungen
    Mülltonne - 31.03.2008 (0)
  16. Mehrere schädliche Dateien
    Mülltonne - 09.09.2007 (0)

Zum Thema Schädliche Einträge in OTL ? - Hallo, ich helfe mittels Team Viewer einer 76-jährigen Dame, mit ihrem Rechner besser zurecht zu kommen. Dazu habe ich auch ein OTL-Log erstellt, um mit meinen Anfängerkenntnissen mal drüber zu - Schädliche Einträge in OTL ?...
Archiv
Du betrachtest: Schädliche Einträge in OTL ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.